1 | /* $NetBSD: crypto_openssl.c,v 1.20.4.3 2012/12/24 14:50:39 tteras Exp $ */ |
---|
2 | |
---|
3 | /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ |
---|
4 | |
---|
5 | /* |
---|
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
---|
7 | * All rights reserved. |
---|
8 | * |
---|
9 | * Redistribution and use in source and binary forms, with or without |
---|
10 | * modification, are permitted provided that the following conditions |
---|
11 | * are met: |
---|
12 | * 1. Redistributions of source code must retain the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer. |
---|
14 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
15 | * notice, this list of conditions and the following disclaimer in the |
---|
16 | * documentation and/or other materials provided with the distribution. |
---|
17 | * 3. Neither the name of the project nor the names of its contributors |
---|
18 | * may be used to endorse or promote products derived from this software |
---|
19 | * without specific prior written permission. |
---|
20 | * |
---|
21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
31 | * SUCH DAMAGE. |
---|
32 | */ |
---|
33 | |
---|
34 | #include "config.h" |
---|
35 | |
---|
36 | #include <sys/types.h> |
---|
37 | #include <sys/param.h> |
---|
38 | |
---|
39 | #include <stdlib.h> |
---|
40 | #include <stdio.h> |
---|
41 | #include <limits.h> |
---|
42 | #include <string.h> |
---|
43 | |
---|
44 | /* get openssl/ssleay version number */ |
---|
45 | #include <openssl/opensslv.h> |
---|
46 | |
---|
47 | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090813fL) |
---|
48 | #error OpenSSL version 0.9.8s or later required. |
---|
49 | #endif |
---|
50 | |
---|
51 | #include <openssl/pem.h> |
---|
52 | #include <openssl/evp.h> |
---|
53 | #include <openssl/x509.h> |
---|
54 | #include <openssl/x509v3.h> |
---|
55 | #include <openssl/x509_vfy.h> |
---|
56 | #include <openssl/bn.h> |
---|
57 | #include <openssl/dh.h> |
---|
58 | #include <openssl/md5.h> |
---|
59 | #include <openssl/sha.h> |
---|
60 | #include <openssl/hmac.h> |
---|
61 | #include <openssl/des.h> |
---|
62 | #include <openssl/crypto.h> |
---|
63 | #ifdef HAVE_OPENSSL_ENGINE_H |
---|
64 | #include <openssl/engine.h> |
---|
65 | #endif |
---|
66 | #include <openssl/blowfish.h> |
---|
67 | #include <openssl/cast.h> |
---|
68 | #include <openssl/err.h> |
---|
69 | #ifdef HAVE_OPENSSL_RC5_H |
---|
70 | #include <openssl/rc5.h> |
---|
71 | #endif |
---|
72 | #ifdef HAVE_OPENSSL_IDEA_H |
---|
73 | #include <openssl/idea.h> |
---|
74 | #endif |
---|
75 | #if defined(HAVE_OPENSSL_AES_H) |
---|
76 | #include <openssl/aes.h> |
---|
77 | #elif defined(HAVE_OPENSSL_RIJNDAEL_H) |
---|
78 | #include <openssl/rijndael.h> |
---|
79 | #else |
---|
80 | #include "crypto/rijndael/rijndael-api-fst.h" |
---|
81 | #endif |
---|
82 | #if defined(HAVE_OPENSSL_CAMELLIA_H) |
---|
83 | #include <openssl/camellia.h> |
---|
84 | #endif |
---|
85 | #ifdef WITH_SHA2 |
---|
86 | #ifdef HAVE_OPENSSL_SHA2_H |
---|
87 | #include <openssl/sha2.h> |
---|
88 | #else |
---|
89 | #include "crypto/sha2/sha2.h" |
---|
90 | #endif |
---|
91 | #endif |
---|
92 | #include "plog.h" |
---|
93 | |
---|
94 | #define USE_NEW_DES_API |
---|
95 | |
---|
96 | #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) |
---|
97 | |
---|
98 | #include "var.h" |
---|
99 | #include "misc.h" |
---|
100 | #include "vmbuf.h" |
---|
101 | #include "plog.h" |
---|
102 | #include "crypto_openssl.h" |
---|
103 | #include "debug.h" |
---|
104 | #include "gcmalloc.h" |
---|
105 | #include "isakmp.h" |
---|
106 | |
---|
107 | /* |
---|
108 | * I hate to cast every parameter to des_xx into void *, but it is |
---|
109 | * necessary for SSLeay/OpenSSL portability. It sucks. |
---|
110 | */ |
---|
111 | |
---|
112 | static int cb_check_cert_local __P((int, X509_STORE_CTX *)); |
---|
113 | static int cb_check_cert_remote __P((int, X509_STORE_CTX *)); |
---|
114 | static X509 *mem2x509 __P((vchar_t *)); |
---|
115 | |
---|
116 | static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *)); |
---|
117 | |
---|
118 | /* X509 Certificate */ |
---|
119 | /* |
---|
120 | * convert the string of the subject name into DER |
---|
121 | * e.g. str = "C=JP, ST=Kanagawa"; |
---|
122 | */ |
---|
123 | vchar_t * |
---|
124 | eay_str2asn1dn(str, len) |
---|
125 | const char *str; |
---|
126 | int len; |
---|
127 | { |
---|
128 | X509_NAME *name; |
---|
129 | char *buf, *dst; |
---|
130 | char *field, *value; |
---|
131 | int i; |
---|
132 | vchar_t *ret = NULL; |
---|
133 | caddr_t p; |
---|
134 | |
---|
135 | if (len == -1) |
---|
136 | len = strlen(str); |
---|
137 | |
---|
138 | buf = racoon_malloc(len + 1); |
---|
139 | if (!buf) { |
---|
140 | plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); |
---|
141 | return NULL; |
---|
142 | } |
---|
143 | memcpy(buf, str, len); |
---|
144 | |
---|
145 | name = X509_NAME_new(); |
---|
146 | |
---|
147 | dst = field = &buf[0]; |
---|
148 | value = NULL; |
---|
149 | for (i = 0; i < len; i++) { |
---|
150 | if (buf[i] == '\\') { |
---|
151 | /* Escape characters specified in RFC 2253 */ |
---|
152 | if (i < len - 1 && |
---|
153 | strchr("\\,=+<>#;", buf[i+1]) != NULL) { |
---|
154 | *dst++ = buf[++i]; |
---|
155 | continue; |
---|
156 | } else if (i < len - 2) { |
---|
157 | /* RFC 2253 hexpair character escape */ |
---|
158 | long u; |
---|
159 | char esc_str[3]; |
---|
160 | char *endptr; |
---|
161 | |
---|
162 | esc_str[0] = buf[++i]; |
---|
163 | esc_str[1] = buf[++i]; |
---|
164 | esc_str[2] = '\0'; |
---|
165 | u = strtol(esc_str, &endptr, 16); |
---|
166 | if (*endptr != '\0' || u < 0 || u > 255) |
---|
167 | goto err; |
---|
168 | *dst++ = u; |
---|
169 | continue; |
---|
170 | } else |
---|
171 | goto err; |
---|
172 | } |
---|
173 | if (!value && buf[i] == '=') { |
---|
174 | *dst = '\0'; |
---|
175 | dst = value = &buf[i + 1]; |
---|
176 | continue; |
---|
177 | } else if (buf[i] == ',' || buf[i] == '/') { |
---|
178 | *dst = '\0'; |
---|
179 | |
---|
180 | plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", |
---|
181 | field, value); |
---|
182 | |
---|
183 | if (!value) goto err; |
---|
184 | if (!X509_NAME_add_entry_by_txt(name, field, |
---|
185 | (value[0] == '*' && value[1] == 0) ? |
---|
186 | V_ASN1_PRINTABLESTRING : MBSTRING_ASC, |
---|
187 | (unsigned char *) value, -1, -1, 0)) { |
---|
188 | plog(LLV_ERROR, LOCATION, NULL, |
---|
189 | "Invalid DN field: %s=%s\n", |
---|
190 | field, value); |
---|
191 | plog(LLV_ERROR, LOCATION, NULL, |
---|
192 | "%s\n", eay_strerror()); |
---|
193 | goto err; |
---|
194 | } |
---|
195 | |
---|
196 | while (i + 1 < len && buf[i + 1] == ' ') i++; |
---|
197 | dst = field = &buf[i + 1]; |
---|
198 | value = NULL; |
---|
199 | continue; |
---|
200 | } else { |
---|
201 | *dst++ = buf[i]; |
---|
202 | } |
---|
203 | } |
---|
204 | *dst = '\0'; |
---|
205 | |
---|
206 | plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", |
---|
207 | field, value); |
---|
208 | |
---|
209 | if (!value) goto err; |
---|
210 | if (!X509_NAME_add_entry_by_txt(name, field, |
---|
211 | (value[0] == '*' && value[1] == 0) ? |
---|
212 | V_ASN1_PRINTABLESTRING : MBSTRING_ASC, |
---|
213 | (unsigned char *) value, -1, -1, 0)) { |
---|
214 | plog(LLV_ERROR, LOCATION, NULL, |
---|
215 | "Invalid DN field: %s=%s\n", |
---|
216 | field, value); |
---|
217 | plog(LLV_ERROR, LOCATION, NULL, |
---|
218 | "%s\n", eay_strerror()); |
---|
219 | goto err; |
---|
220 | } |
---|
221 | |
---|
222 | i = i2d_X509_NAME(name, NULL); |
---|
223 | if (!i) |
---|
224 | goto err; |
---|
225 | ret = vmalloc(i); |
---|
226 | if (!ret) |
---|
227 | goto err; |
---|
228 | p = ret->v; |
---|
229 | i = i2d_X509_NAME(name, (void *)&p); |
---|
230 | if (!i) |
---|
231 | goto err; |
---|
232 | |
---|
233 | return ret; |
---|
234 | |
---|
235 | err: |
---|
236 | if (buf) |
---|
237 | racoon_free(buf); |
---|
238 | if (name) |
---|
239 | X509_NAME_free(name); |
---|
240 | if (ret) |
---|
241 | vfree(ret); |
---|
242 | return NULL; |
---|
243 | } |
---|
244 | |
---|
245 | /* |
---|
246 | * convert the hex string of the subject name into DER |
---|
247 | */ |
---|
248 | vchar_t * |
---|
249 | eay_hex2asn1dn(const char *hex, int len) |
---|
250 | { |
---|
251 | BIGNUM *bn = BN_new(); |
---|
252 | char *binbuf; |
---|
253 | size_t binlen; |
---|
254 | vchar_t *ret = NULL; |
---|
255 | |
---|
256 | if (len == -1) |
---|
257 | len = strlen(hex); |
---|
258 | |
---|
259 | if (BN_hex2bn(&bn, hex) != len) { |
---|
260 | plog(LLV_ERROR, LOCATION, NULL, |
---|
261 | "conversion of Hex-encoded ASN1 string to binary failed: %s\n", |
---|
262 | eay_strerror()); |
---|
263 | goto out; |
---|
264 | } |
---|
265 | |
---|
266 | binlen = BN_num_bytes(bn); |
---|
267 | ret = vmalloc(binlen); |
---|
268 | if (!ret) { |
---|
269 | plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); |
---|
270 | return NULL; |
---|
271 | } |
---|
272 | binbuf = ret->v; |
---|
273 | |
---|
274 | BN_bn2bin(bn, (unsigned char *) binbuf); |
---|
275 | |
---|
276 | out: |
---|
277 | BN_free(bn); |
---|
278 | |
---|
279 | return ret; |
---|
280 | } |
---|
281 | |
---|
282 | /* |
---|
283 | * compare two subjectNames. |
---|
284 | * OUT: 0: equal |
---|
285 | * positive: |
---|
286 | * -1: other error. |
---|
287 | */ |
---|
288 | int |
---|
289 | eay_cmp_asn1dn(n1, n2) |
---|
290 | vchar_t *n1, *n2; |
---|
291 | { |
---|
292 | X509_NAME *a = NULL, *b = NULL; |
---|
293 | caddr_t p; |
---|
294 | char oneLine[512]; |
---|
295 | int i = -1; |
---|
296 | int idx; |
---|
297 | |
---|
298 | p = n1->v; |
---|
299 | if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) { |
---|
300 | plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: first dn not a dn"); |
---|
301 | goto end; |
---|
302 | } |
---|
303 | plog(LLV_DEBUG, LOCATION, NULL, "1st name: %s\n", X509_NAME_oneline(a, oneLine, sizeof(oneLine))); |
---|
304 | p = n2->v; |
---|
305 | if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) { |
---|
306 | plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: second dn not a dn"); |
---|
307 | goto end; |
---|
308 | } |
---|
309 | plog(LLV_DEBUG, LOCATION, NULL, "2nd name: %s\n", X509_NAME_oneline(b, oneLine, sizeof(oneLine))); |
---|
310 | |
---|
311 | /* handle wildcard: do not compare entry content but only entry object type */ |
---|
312 | for(idx = 0; idx < X509_NAME_entry_count(a); idx++) { |
---|
313 | X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx); |
---|
314 | X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx); |
---|
315 | if (!eb) { /* reached end of eb while still entries in ea, can not be equal... */ |
---|
316 | i = idx+1; |
---|
317 | goto end; |
---|
318 | } |
---|
319 | if ((ea->value->length == 1 && ea->value->data[0] == '*') || |
---|
320 | (eb->value->length == 1 && eb->value->data[0] == '*')) { |
---|
321 | if (OBJ_cmp(ea->object,eb->object)) { |
---|
322 | i = idx+1; |
---|
323 | goto end; |
---|
324 | } |
---|
325 | /* OK: object type equals, we don't care for this entry anymore, so let's forget it... */ |
---|
326 | X509_NAME_delete_entry(a, idx); |
---|
327 | X509_NAME_delete_entry(b, idx); |
---|
328 | X509_NAME_ENTRY_free(ea); |
---|
329 | X509_NAME_ENTRY_free(eb); |
---|
330 | idx--; |
---|
331 | } |
---|
332 | } |
---|
333 | if (X509_NAME_entry_count(a) == 0 && X509_NAME_entry_count(b) == 0) |
---|
334 | i = 0; |
---|
335 | else |
---|
336 | i = X509_NAME_cmp(a, b); |
---|
337 | |
---|
338 | end: |
---|
339 | if (a) |
---|
340 | X509_NAME_free(a); |
---|
341 | if (b) |
---|
342 | X509_NAME_free(b); |
---|
343 | return i; |
---|
344 | } |
---|
345 | |
---|
346 | /* |
---|
347 | * this functions is derived from apps/verify.c in OpenSSL0.9.5 |
---|
348 | */ |
---|
349 | int |
---|
350 | eay_check_x509cert(cert, CApath, CAfile, local) |
---|
351 | vchar_t *cert; |
---|
352 | char *CApath; |
---|
353 | char *CAfile; |
---|
354 | int local; |
---|
355 | { |
---|
356 | X509_STORE *cert_ctx = NULL; |
---|
357 | X509_LOOKUP *lookup = NULL; |
---|
358 | X509 *x509 = NULL; |
---|
359 | X509_STORE_CTX *csc; |
---|
360 | int error = -1; |
---|
361 | |
---|
362 | cert_ctx = X509_STORE_new(); |
---|
363 | if (cert_ctx == NULL) |
---|
364 | goto end; |
---|
365 | |
---|
366 | if (local) |
---|
367 | X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local); |
---|
368 | else |
---|
369 | X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote); |
---|
370 | |
---|
371 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); |
---|
372 | if (lookup == NULL) |
---|
373 | goto end; |
---|
374 | |
---|
375 | X509_LOOKUP_load_file(lookup, CAfile, |
---|
376 | (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); |
---|
377 | |
---|
378 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); |
---|
379 | if (lookup == NULL) |
---|
380 | goto end; |
---|
381 | error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); |
---|
382 | if(!error) { |
---|
383 | error = -1; |
---|
384 | goto end; |
---|
385 | } |
---|
386 | error = -1; /* initialized */ |
---|
387 | |
---|
388 | /* read the certificate to be verified */ |
---|
389 | x509 = mem2x509(cert); |
---|
390 | if (x509 == NULL) |
---|
391 | goto end; |
---|
392 | |
---|
393 | csc = X509_STORE_CTX_new(); |
---|
394 | if (csc == NULL) |
---|
395 | goto end; |
---|
396 | X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); |
---|
397 | X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); |
---|
398 | X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); |
---|
399 | error = X509_verify_cert(csc); |
---|
400 | X509_STORE_CTX_free(csc); |
---|
401 | |
---|
402 | /* |
---|
403 | * if x509_verify_cert() is successful then the value of error is |
---|
404 | * set non-zero. |
---|
405 | */ |
---|
406 | error = error ? 0 : -1; |
---|
407 | |
---|
408 | end: |
---|
409 | if (error) |
---|
410 | plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror()); |
---|
411 | if (cert_ctx != NULL) |
---|
412 | X509_STORE_free(cert_ctx); |
---|
413 | if (x509 != NULL) |
---|
414 | X509_free(x509); |
---|
415 | |
---|
416 | return(error); |
---|
417 | } |
---|
418 | |
---|
419 | /* |
---|
420 | * callback function for verifing certificate. |
---|
421 | * this function is derived from cb() in openssl/apps/s_server.c |
---|
422 | */ |
---|
423 | static int |
---|
424 | cb_check_cert_local(ok, ctx) |
---|
425 | int ok; |
---|
426 | X509_STORE_CTX *ctx; |
---|
427 | { |
---|
428 | char buf[256]; |
---|
429 | int log_tag; |
---|
430 | |
---|
431 | if (!ok) { |
---|
432 | X509_NAME_oneline( |
---|
433 | X509_get_subject_name(ctx->current_cert), |
---|
434 | buf, |
---|
435 | 256); |
---|
436 | /* |
---|
437 | * since we are just checking the certificates, it is |
---|
438 | * ok if they are self signed. But we should still warn |
---|
439 | * the user. |
---|
440 | */ |
---|
441 | switch (ctx->error) { |
---|
442 | case X509_V_ERR_CERT_HAS_EXPIRED: |
---|
443 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
---|
444 | case X509_V_ERR_INVALID_CA: |
---|
445 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: |
---|
446 | case X509_V_ERR_INVALID_PURPOSE: |
---|
447 | case X509_V_ERR_UNABLE_TO_GET_CRL: |
---|
448 | ok = 1; |
---|
449 | log_tag = LLV_WARNING; |
---|
450 | break; |
---|
451 | default: |
---|
452 | log_tag = LLV_ERROR; |
---|
453 | } |
---|
454 | plog(log_tag, LOCATION, NULL, |
---|
455 | "%s(%d) at depth:%d SubjectName:%s\n", |
---|
456 | X509_verify_cert_error_string(ctx->error), |
---|
457 | ctx->error, |
---|
458 | ctx->error_depth, |
---|
459 | buf); |
---|
460 | } |
---|
461 | ERR_clear_error(); |
---|
462 | |
---|
463 | return ok; |
---|
464 | } |
---|
465 | |
---|
466 | /* |
---|
467 | * callback function for verifing remote certificates. |
---|
468 | * this function is derived from cb() in openssl/apps/s_server.c |
---|
469 | */ |
---|
470 | static int |
---|
471 | cb_check_cert_remote(ok, ctx) |
---|
472 | int ok; |
---|
473 | X509_STORE_CTX *ctx; |
---|
474 | { |
---|
475 | char buf[256]; |
---|
476 | int log_tag; |
---|
477 | |
---|
478 | if (!ok) { |
---|
479 | X509_NAME_oneline( |
---|
480 | X509_get_subject_name(ctx->current_cert), |
---|
481 | buf, |
---|
482 | 256); |
---|
483 | switch (ctx->error) { |
---|
484 | case X509_V_ERR_UNABLE_TO_GET_CRL: |
---|
485 | ok = 1; |
---|
486 | log_tag = LLV_WARNING; |
---|
487 | break; |
---|
488 | default: |
---|
489 | log_tag = LLV_ERROR; |
---|
490 | } |
---|
491 | plog(log_tag, LOCATION, NULL, |
---|
492 | "%s(%d) at depth:%d SubjectName:%s\n", |
---|
493 | X509_verify_cert_error_string(ctx->error), |
---|
494 | ctx->error, |
---|
495 | ctx->error_depth, |
---|
496 | buf); |
---|
497 | } |
---|
498 | ERR_clear_error(); |
---|
499 | |
---|
500 | return ok; |
---|
501 | } |
---|
502 | |
---|
503 | /* |
---|
504 | * get a subjectName from X509 certificate. |
---|
505 | */ |
---|
506 | vchar_t * |
---|
507 | eay_get_x509asn1subjectname(cert) |
---|
508 | vchar_t *cert; |
---|
509 | { |
---|
510 | X509 *x509 = NULL; |
---|
511 | u_char *bp; |
---|
512 | vchar_t *name = NULL; |
---|
513 | int len; |
---|
514 | |
---|
515 | x509 = mem2x509(cert); |
---|
516 | if (x509 == NULL) |
---|
517 | goto error; |
---|
518 | |
---|
519 | /* get the length of the name */ |
---|
520 | len = i2d_X509_NAME(x509->cert_info->subject, NULL); |
---|
521 | name = vmalloc(len); |
---|
522 | if (!name) |
---|
523 | goto error; |
---|
524 | /* get the name */ |
---|
525 | bp = (unsigned char *) name->v; |
---|
526 | len = i2d_X509_NAME(x509->cert_info->subject, &bp); |
---|
527 | |
---|
528 | X509_free(x509); |
---|
529 | |
---|
530 | return name; |
---|
531 | |
---|
532 | error: |
---|
533 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
534 | |
---|
535 | if (name != NULL) |
---|
536 | vfree(name); |
---|
537 | |
---|
538 | if (x509 != NULL) |
---|
539 | X509_free(x509); |
---|
540 | |
---|
541 | return NULL; |
---|
542 | } |
---|
543 | |
---|
544 | /* |
---|
545 | * get the subjectAltName from X509 certificate. |
---|
546 | * the name must be terminated by '\0'. |
---|
547 | */ |
---|
548 | int |
---|
549 | eay_get_x509subjectaltname(cert, altname, type, pos) |
---|
550 | vchar_t *cert; |
---|
551 | char **altname; |
---|
552 | int *type; |
---|
553 | int pos; |
---|
554 | { |
---|
555 | X509 *x509 = NULL; |
---|
556 | GENERAL_NAMES *gens = NULL; |
---|
557 | GENERAL_NAME *gen; |
---|
558 | int len; |
---|
559 | int error = -1; |
---|
560 | |
---|
561 | *altname = NULL; |
---|
562 | *type = GENT_OTHERNAME; |
---|
563 | |
---|
564 | x509 = mem2x509(cert); |
---|
565 | if (x509 == NULL) |
---|
566 | goto end; |
---|
567 | |
---|
568 | gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); |
---|
569 | if (gens == NULL) |
---|
570 | goto end; |
---|
571 | |
---|
572 | /* there is no data at "pos" */ |
---|
573 | if (pos > sk_GENERAL_NAME_num(gens)) |
---|
574 | goto end; |
---|
575 | |
---|
576 | gen = sk_GENERAL_NAME_value(gens, pos - 1); |
---|
577 | |
---|
578 | /* read DNSName / Email */ |
---|
579 | if (gen->type == GEN_DNS || |
---|
580 | gen->type == GEN_EMAIL || |
---|
581 | gen->type == GEN_URI ) |
---|
582 | { |
---|
583 | /* make sure if the data is terminated by '\0'. */ |
---|
584 | if (gen->d.ia5->data[gen->d.ia5->length] != '\0') |
---|
585 | { |
---|
586 | plog(LLV_ERROR, LOCATION, NULL, |
---|
587 | "data is not terminated by NUL."); |
---|
588 | racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); |
---|
589 | goto end; |
---|
590 | } |
---|
591 | |
---|
592 | len = gen->d.ia5->length + 1; |
---|
593 | *altname = racoon_malloc(len); |
---|
594 | if (!*altname) |
---|
595 | goto end; |
---|
596 | |
---|
597 | strlcpy(*altname, (char *) gen->d.ia5->data, len); |
---|
598 | *type = gen->type; |
---|
599 | error = 0; |
---|
600 | } |
---|
601 | /* read IP address */ |
---|
602 | else if (gen->type == GEN_IPADD) |
---|
603 | { |
---|
604 | unsigned char p[5], *ip; |
---|
605 | ip = p; |
---|
606 | |
---|
607 | /* only support IPv4 */ |
---|
608 | if (gen->d.ip->length != 4) |
---|
609 | goto end; |
---|
610 | |
---|
611 | /* convert Octet String to String |
---|
612 | * XXX ??????? |
---|
613 | */ |
---|
614 | /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/ |
---|
615 | ip = gen->d.ip->data; |
---|
616 | |
---|
617 | /* XXX Magic, enough for an IPv4 address |
---|
618 | */ |
---|
619 | *altname = racoon_malloc(20); |
---|
620 | if (!*altname) |
---|
621 | goto end; |
---|
622 | |
---|
623 | sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); |
---|
624 | *type = gen->type; |
---|
625 | error = 0; |
---|
626 | } |
---|
627 | /* XXX other possible types ? |
---|
628 | * For now, error will be -1 if unsupported type |
---|
629 | */ |
---|
630 | |
---|
631 | end: |
---|
632 | if (error) { |
---|
633 | if (*altname) { |
---|
634 | racoon_free(*altname); |
---|
635 | *altname = NULL; |
---|
636 | } |
---|
637 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
638 | } |
---|
639 | if (x509) |
---|
640 | X509_free(x509); |
---|
641 | if (gens) |
---|
642 | /* free the whole stack. */ |
---|
643 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); |
---|
644 | |
---|
645 | return error; |
---|
646 | } |
---|
647 | |
---|
648 | /* |
---|
649 | * get a issuerName from X509 certificate. |
---|
650 | */ |
---|
651 | vchar_t * |
---|
652 | eay_get_x509asn1issuername(cert) |
---|
653 | vchar_t *cert; |
---|
654 | { |
---|
655 | X509 *x509 = NULL; |
---|
656 | u_char *bp; |
---|
657 | vchar_t *name = NULL; |
---|
658 | int len; |
---|
659 | |
---|
660 | x509 = mem2x509(cert); |
---|
661 | if (x509 == NULL) |
---|
662 | goto error; |
---|
663 | |
---|
664 | /* get the length of the name */ |
---|
665 | len = i2d_X509_NAME(x509->cert_info->issuer, NULL); |
---|
666 | name = vmalloc(len); |
---|
667 | if (name == NULL) |
---|
668 | goto error; |
---|
669 | |
---|
670 | /* get the name */ |
---|
671 | bp = (unsigned char *) name->v; |
---|
672 | len = i2d_X509_NAME(x509->cert_info->issuer, &bp); |
---|
673 | |
---|
674 | X509_free(x509); |
---|
675 | |
---|
676 | return name; |
---|
677 | |
---|
678 | error: |
---|
679 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
680 | |
---|
681 | if (name != NULL) |
---|
682 | vfree(name); |
---|
683 | if (x509 != NULL) |
---|
684 | X509_free(x509); |
---|
685 | |
---|
686 | return NULL; |
---|
687 | } |
---|
688 | |
---|
689 | /* |
---|
690 | * decode a X509 certificate and make a readable text terminated '\n'. |
---|
691 | * return the buffer allocated, so must free it later. |
---|
692 | */ |
---|
693 | char * |
---|
694 | eay_get_x509text(cert) |
---|
695 | vchar_t *cert; |
---|
696 | { |
---|
697 | X509 *x509 = NULL; |
---|
698 | BIO *bio = NULL; |
---|
699 | char *text = NULL; |
---|
700 | u_char *bp = NULL; |
---|
701 | int len = 0; |
---|
702 | int error = -1; |
---|
703 | |
---|
704 | x509 = mem2x509(cert); |
---|
705 | if (x509 == NULL) |
---|
706 | goto end; |
---|
707 | |
---|
708 | bio = BIO_new(BIO_s_mem()); |
---|
709 | if (bio == NULL) |
---|
710 | goto end; |
---|
711 | |
---|
712 | error = X509_print(bio, x509); |
---|
713 | if (error != 1) { |
---|
714 | error = -1; |
---|
715 | goto end; |
---|
716 | } |
---|
717 | |
---|
718 | len = BIO_get_mem_data(bio, &bp); |
---|
719 | text = racoon_malloc(len + 1); |
---|
720 | if (text == NULL) |
---|
721 | goto end; |
---|
722 | memcpy(text, bp, len); |
---|
723 | text[len] = '\0'; |
---|
724 | |
---|
725 | error = 0; |
---|
726 | |
---|
727 | end: |
---|
728 | if (error) { |
---|
729 | if (text) { |
---|
730 | racoon_free(text); |
---|
731 | text = NULL; |
---|
732 | } |
---|
733 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
734 | } |
---|
735 | if (bio) |
---|
736 | BIO_free(bio); |
---|
737 | if (x509) |
---|
738 | X509_free(x509); |
---|
739 | |
---|
740 | return text; |
---|
741 | } |
---|
742 | |
---|
743 | /* get X509 structure from buffer. */ |
---|
744 | static X509 * |
---|
745 | mem2x509(cert) |
---|
746 | vchar_t *cert; |
---|
747 | { |
---|
748 | X509 *x509; |
---|
749 | |
---|
750 | #ifndef EAYDEBUG |
---|
751 | { |
---|
752 | u_char *bp; |
---|
753 | |
---|
754 | bp = (unsigned char *) cert->v + 1; |
---|
755 | |
---|
756 | x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1); |
---|
757 | } |
---|
758 | #else |
---|
759 | { |
---|
760 | BIO *bio; |
---|
761 | int len; |
---|
762 | |
---|
763 | bio = BIO_new(BIO_s_mem()); |
---|
764 | if (bio == NULL) |
---|
765 | return NULL; |
---|
766 | len = BIO_write(bio, cert->v + 1, cert->l - 1); |
---|
767 | if (len == -1) |
---|
768 | return NULL; |
---|
769 | x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); |
---|
770 | BIO_free(bio); |
---|
771 | } |
---|
772 | #endif |
---|
773 | return x509; |
---|
774 | } |
---|
775 | |
---|
776 | /* |
---|
777 | * get a X509 certificate from local file. |
---|
778 | * a certificate must be PEM format. |
---|
779 | * Input: |
---|
780 | * path to a certificate. |
---|
781 | * Output: |
---|
782 | * NULL if error occured |
---|
783 | * other is the cert. |
---|
784 | */ |
---|
785 | vchar_t * |
---|
786 | eay_get_x509cert(path) |
---|
787 | char *path; |
---|
788 | { |
---|
789 | FILE *fp; |
---|
790 | X509 *x509; |
---|
791 | vchar_t *cert; |
---|
792 | u_char *bp; |
---|
793 | int len; |
---|
794 | int error; |
---|
795 | |
---|
796 | /* Read private key */ |
---|
797 | fp = fopen(path, "r"); |
---|
798 | if (fp == NULL) |
---|
799 | return NULL; |
---|
800 | x509 = PEM_read_X509(fp, NULL, NULL, NULL); |
---|
801 | fclose (fp); |
---|
802 | |
---|
803 | if (x509 == NULL) |
---|
804 | return NULL; |
---|
805 | |
---|
806 | len = i2d_X509(x509, NULL); |
---|
807 | cert = vmalloc(len + 1); |
---|
808 | if (cert == NULL) { |
---|
809 | X509_free(x509); |
---|
810 | return NULL; |
---|
811 | } |
---|
812 | cert->v[0] = ISAKMP_CERT_X509SIGN; |
---|
813 | bp = (unsigned char *) &cert->v[1]; |
---|
814 | error = i2d_X509(x509, &bp); |
---|
815 | X509_free(x509); |
---|
816 | |
---|
817 | if (error == 0) { |
---|
818 | vfree(cert); |
---|
819 | return NULL; |
---|
820 | } |
---|
821 | |
---|
822 | return cert; |
---|
823 | } |
---|
824 | |
---|
825 | /* |
---|
826 | * check a X509 signature |
---|
827 | * XXX: to be get hash type from my cert ? |
---|
828 | * to be handled EVP_dss(). |
---|
829 | * OUT: return -1 when error. |
---|
830 | * 0 |
---|
831 | */ |
---|
832 | int |
---|
833 | eay_check_x509sign(source, sig, cert) |
---|
834 | vchar_t *source; |
---|
835 | vchar_t *sig; |
---|
836 | vchar_t *cert; |
---|
837 | { |
---|
838 | X509 *x509; |
---|
839 | EVP_PKEY *evp; |
---|
840 | int res; |
---|
841 | |
---|
842 | x509 = mem2x509(cert); |
---|
843 | if (x509 == NULL) |
---|
844 | return -1; |
---|
845 | |
---|
846 | evp = X509_get_pubkey(x509); |
---|
847 | if (! evp) { |
---|
848 | plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror()); |
---|
849 | X509_free(x509); |
---|
850 | return -1; |
---|
851 | } |
---|
852 | |
---|
853 | res = eay_rsa_verify(source, sig, evp->pkey.rsa); |
---|
854 | |
---|
855 | EVP_PKEY_free(evp); |
---|
856 | X509_free(x509); |
---|
857 | |
---|
858 | return res; |
---|
859 | } |
---|
860 | |
---|
861 | /* |
---|
862 | * check RSA signature |
---|
863 | * OUT: return -1 when error. |
---|
864 | * 0 on success |
---|
865 | */ |
---|
866 | int |
---|
867 | eay_check_rsasign(source, sig, rsa) |
---|
868 | vchar_t *source; |
---|
869 | vchar_t *sig; |
---|
870 | RSA *rsa; |
---|
871 | { |
---|
872 | return eay_rsa_verify(source, sig, rsa); |
---|
873 | } |
---|
874 | |
---|
875 | /* |
---|
876 | * get PKCS#1 Private Key of PEM format from local file. |
---|
877 | */ |
---|
878 | vchar_t * |
---|
879 | eay_get_pkcs1privkey(path) |
---|
880 | char *path; |
---|
881 | { |
---|
882 | FILE *fp; |
---|
883 | EVP_PKEY *evp = NULL; |
---|
884 | vchar_t *pkey = NULL; |
---|
885 | u_char *bp; |
---|
886 | int pkeylen; |
---|
887 | int error = -1; |
---|
888 | |
---|
889 | /* Read private key */ |
---|
890 | fp = fopen(path, "r"); |
---|
891 | if (fp == NULL) |
---|
892 | return NULL; |
---|
893 | |
---|
894 | evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL); |
---|
895 | |
---|
896 | fclose (fp); |
---|
897 | |
---|
898 | if (evp == NULL) |
---|
899 | return NULL; |
---|
900 | |
---|
901 | pkeylen = i2d_PrivateKey(evp, NULL); |
---|
902 | if (pkeylen == 0) |
---|
903 | goto end; |
---|
904 | pkey = vmalloc(pkeylen); |
---|
905 | if (pkey == NULL) |
---|
906 | goto end; |
---|
907 | bp = (unsigned char *) pkey->v; |
---|
908 | pkeylen = i2d_PrivateKey(evp, &bp); |
---|
909 | if (pkeylen == 0) |
---|
910 | goto end; |
---|
911 | |
---|
912 | error = 0; |
---|
913 | |
---|
914 | end: |
---|
915 | if (evp != NULL) |
---|
916 | EVP_PKEY_free(evp); |
---|
917 | if (error != 0 && pkey != NULL) { |
---|
918 | vfree(pkey); |
---|
919 | pkey = NULL; |
---|
920 | } |
---|
921 | |
---|
922 | return pkey; |
---|
923 | } |
---|
924 | |
---|
925 | /* |
---|
926 | * get PKCS#1 Public Key of PEM format from local file. |
---|
927 | */ |
---|
928 | vchar_t * |
---|
929 | eay_get_pkcs1pubkey(path) |
---|
930 | char *path; |
---|
931 | { |
---|
932 | FILE *fp; |
---|
933 | EVP_PKEY *evp = NULL; |
---|
934 | vchar_t *pkey = NULL; |
---|
935 | X509 *x509 = NULL; |
---|
936 | u_char *bp; |
---|
937 | int pkeylen; |
---|
938 | int error = -1; |
---|
939 | |
---|
940 | /* Read private key */ |
---|
941 | fp = fopen(path, "r"); |
---|
942 | if (fp == NULL) |
---|
943 | return NULL; |
---|
944 | |
---|
945 | x509 = PEM_read_X509(fp, NULL, NULL, NULL); |
---|
946 | |
---|
947 | fclose (fp); |
---|
948 | |
---|
949 | if (x509 == NULL) |
---|
950 | return NULL; |
---|
951 | |
---|
952 | /* Get public key - eay */ |
---|
953 | evp = X509_get_pubkey(x509); |
---|
954 | if (evp == NULL) |
---|
955 | return NULL; |
---|
956 | |
---|
957 | pkeylen = i2d_PublicKey(evp, NULL); |
---|
958 | if (pkeylen == 0) |
---|
959 | goto end; |
---|
960 | pkey = vmalloc(pkeylen); |
---|
961 | if (pkey == NULL) |
---|
962 | goto end; |
---|
963 | bp = (unsigned char *) pkey->v; |
---|
964 | pkeylen = i2d_PublicKey(evp, &bp); |
---|
965 | if (pkeylen == 0) |
---|
966 | goto end; |
---|
967 | |
---|
968 | error = 0; |
---|
969 | end: |
---|
970 | if (evp != NULL) |
---|
971 | EVP_PKEY_free(evp); |
---|
972 | if (error != 0 && pkey != NULL) { |
---|
973 | vfree(pkey); |
---|
974 | pkey = NULL; |
---|
975 | } |
---|
976 | |
---|
977 | return pkey; |
---|
978 | } |
---|
979 | |
---|
980 | vchar_t * |
---|
981 | eay_get_x509sign(src, privkey) |
---|
982 | vchar_t *src, *privkey; |
---|
983 | { |
---|
984 | EVP_PKEY *evp; |
---|
985 | u_char *bp = (unsigned char *) privkey->v; |
---|
986 | vchar_t *sig = NULL; |
---|
987 | int len; |
---|
988 | int pad = RSA_PKCS1_PADDING; |
---|
989 | |
---|
990 | /* XXX to be handled EVP_PKEY_DSA */ |
---|
991 | evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l); |
---|
992 | if (evp == NULL) |
---|
993 | return NULL; |
---|
994 | |
---|
995 | sig = eay_rsa_sign(src, evp->pkey.rsa); |
---|
996 | |
---|
997 | EVP_PKEY_free(evp); |
---|
998 | |
---|
999 | return sig; |
---|
1000 | } |
---|
1001 | |
---|
1002 | vchar_t * |
---|
1003 | eay_get_rsasign(src, rsa) |
---|
1004 | vchar_t *src; |
---|
1005 | RSA *rsa; |
---|
1006 | { |
---|
1007 | return eay_rsa_sign(src, rsa); |
---|
1008 | } |
---|
1009 | |
---|
1010 | vchar_t * |
---|
1011 | eay_rsa_sign(vchar_t *src, RSA *rsa) |
---|
1012 | { |
---|
1013 | int len; |
---|
1014 | vchar_t *sig = NULL; |
---|
1015 | int pad = RSA_PKCS1_PADDING; |
---|
1016 | |
---|
1017 | len = RSA_size(rsa); |
---|
1018 | |
---|
1019 | sig = vmalloc(len); |
---|
1020 | if (sig == NULL) |
---|
1021 | return NULL; |
---|
1022 | |
---|
1023 | len = RSA_private_encrypt(src->l, (unsigned char *) src->v, |
---|
1024 | (unsigned char *) sig->v, rsa, pad); |
---|
1025 | |
---|
1026 | if (len == 0 || len != sig->l) { |
---|
1027 | vfree(sig); |
---|
1028 | sig = NULL; |
---|
1029 | } |
---|
1030 | |
---|
1031 | return sig; |
---|
1032 | } |
---|
1033 | |
---|
1034 | int |
---|
1035 | eay_rsa_verify(src, sig, rsa) |
---|
1036 | vchar_t *src, *sig; |
---|
1037 | RSA *rsa; |
---|
1038 | { |
---|
1039 | vchar_t *xbuf = NULL; |
---|
1040 | int pad = RSA_PKCS1_PADDING; |
---|
1041 | int len = 0; |
---|
1042 | int error; |
---|
1043 | |
---|
1044 | len = RSA_size(rsa); |
---|
1045 | xbuf = vmalloc(len); |
---|
1046 | if (xbuf == NULL) { |
---|
1047 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
1048 | return -1; |
---|
1049 | } |
---|
1050 | |
---|
1051 | len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v, |
---|
1052 | (unsigned char *) xbuf->v, rsa, pad); |
---|
1053 | if (len == 0 || len != src->l) { |
---|
1054 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
1055 | vfree(xbuf); |
---|
1056 | return -1; |
---|
1057 | } |
---|
1058 | |
---|
1059 | error = memcmp(src->v, xbuf->v, src->l); |
---|
1060 | vfree(xbuf); |
---|
1061 | if (error != 0) |
---|
1062 | return -1; |
---|
1063 | |
---|
1064 | return 0; |
---|
1065 | } |
---|
1066 | |
---|
1067 | /* |
---|
1068 | * get error string |
---|
1069 | * MUST load ERR_load_crypto_strings() first. |
---|
1070 | */ |
---|
1071 | char * |
---|
1072 | eay_strerror() |
---|
1073 | { |
---|
1074 | static char ebuf[512]; |
---|
1075 | int len = 0, n; |
---|
1076 | unsigned long l; |
---|
1077 | char buf[200]; |
---|
1078 | const char *file, *data; |
---|
1079 | int line, flags; |
---|
1080 | unsigned long es; |
---|
1081 | |
---|
1082 | es = CRYPTO_thread_id(); |
---|
1083 | |
---|
1084 | while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ |
---|
1085 | n = snprintf(ebuf + len, sizeof(ebuf) - len, |
---|
1086 | "%lu:%s:%s:%d:%s ", |
---|
1087 | es, ERR_error_string(l, buf), file, line, |
---|
1088 | (flags & ERR_TXT_STRING) ? data : ""); |
---|
1089 | if (n < 0 || n >= sizeof(ebuf) - len) |
---|
1090 | break; |
---|
1091 | len += n; |
---|
1092 | if (sizeof(ebuf) < len) |
---|
1093 | break; |
---|
1094 | } |
---|
1095 | |
---|
1096 | return ebuf; |
---|
1097 | } |
---|
1098 | |
---|
1099 | vchar_t * |
---|
1100 | evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) |
---|
1101 | { |
---|
1102 | vchar_t *res; |
---|
1103 | EVP_CIPHER_CTX ctx; |
---|
1104 | |
---|
1105 | if (!e) |
---|
1106 | return NULL; |
---|
1107 | |
---|
1108 | if (data->l % EVP_CIPHER_block_size(e)) |
---|
1109 | return NULL; |
---|
1110 | |
---|
1111 | if ((res = vmalloc(data->l)) == NULL) |
---|
1112 | return NULL; |
---|
1113 | |
---|
1114 | EVP_CIPHER_CTX_init(&ctx); |
---|
1115 | |
---|
1116 | switch(EVP_CIPHER_nid(e)){ |
---|
1117 | case NID_bf_cbc: |
---|
1118 | case NID_bf_ecb: |
---|
1119 | case NID_bf_cfb64: |
---|
1120 | case NID_bf_ofb64: |
---|
1121 | case NID_cast5_cbc: |
---|
1122 | case NID_cast5_ecb: |
---|
1123 | case NID_cast5_cfb64: |
---|
1124 | case NID_cast5_ofb64: |
---|
1125 | /* XXX: can we do that also for algos with a fixed key size ? |
---|
1126 | */ |
---|
1127 | /* init context without key/iv |
---|
1128 | */ |
---|
1129 | if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) |
---|
1130 | { |
---|
1131 | OpenSSL_BUG(); |
---|
1132 | vfree(res); |
---|
1133 | return NULL; |
---|
1134 | } |
---|
1135 | |
---|
1136 | /* update key size |
---|
1137 | */ |
---|
1138 | if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) |
---|
1139 | { |
---|
1140 | OpenSSL_BUG(); |
---|
1141 | vfree(res); |
---|
1142 | return NULL; |
---|
1143 | } |
---|
1144 | |
---|
1145 | /* finalize context init with desired key size |
---|
1146 | */ |
---|
1147 | if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, |
---|
1148 | (u_char *) iv->v, enc)) |
---|
1149 | { |
---|
1150 | OpenSSL_BUG(); |
---|
1151 | vfree(res); |
---|
1152 | return NULL; |
---|
1153 | } |
---|
1154 | break; |
---|
1155 | default: |
---|
1156 | if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, |
---|
1157 | (u_char *) iv->v, enc)) { |
---|
1158 | OpenSSL_BUG(); |
---|
1159 | vfree(res); |
---|
1160 | return NULL; |
---|
1161 | } |
---|
1162 | } |
---|
1163 | |
---|
1164 | /* disable openssl padding */ |
---|
1165 | EVP_CIPHER_CTX_set_padding(&ctx, 0); |
---|
1166 | |
---|
1167 | if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { |
---|
1168 | OpenSSL_BUG(); |
---|
1169 | vfree(res); |
---|
1170 | return NULL; |
---|
1171 | } |
---|
1172 | |
---|
1173 | EVP_CIPHER_CTX_cleanup(&ctx); |
---|
1174 | |
---|
1175 | return res; |
---|
1176 | } |
---|
1177 | |
---|
1178 | int |
---|
1179 | evp_weakkey(vchar_t *key, const EVP_CIPHER *e) |
---|
1180 | { |
---|
1181 | return 0; |
---|
1182 | } |
---|
1183 | |
---|
1184 | int |
---|
1185 | evp_keylen(int len, const EVP_CIPHER *e) |
---|
1186 | { |
---|
1187 | if (!e) |
---|
1188 | return -1; |
---|
1189 | /* EVP functions return lengths in bytes, ipsec-tools |
---|
1190 | * uses lengths in bits, therefore conversion is required. --AK |
---|
1191 | */ |
---|
1192 | if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3)) |
---|
1193 | return -1; |
---|
1194 | |
---|
1195 | return EVP_CIPHER_key_length(e) << 3; |
---|
1196 | } |
---|
1197 | |
---|
1198 | /* |
---|
1199 | * DES-CBC |
---|
1200 | */ |
---|
1201 | vchar_t * |
---|
1202 | eay_des_encrypt(data, key, iv) |
---|
1203 | vchar_t *data, *key, *iv; |
---|
1204 | { |
---|
1205 | return evp_crypt(data, key, iv, EVP_des_cbc(), 1); |
---|
1206 | } |
---|
1207 | |
---|
1208 | vchar_t * |
---|
1209 | eay_des_decrypt(data, key, iv) |
---|
1210 | vchar_t *data, *key, *iv; |
---|
1211 | { |
---|
1212 | return evp_crypt(data, key, iv, EVP_des_cbc(), 0); |
---|
1213 | } |
---|
1214 | |
---|
1215 | int |
---|
1216 | eay_des_weakkey(key) |
---|
1217 | vchar_t *key; |
---|
1218 | { |
---|
1219 | #ifdef USE_NEW_DES_API |
---|
1220 | return DES_is_weak_key((void *)key->v); |
---|
1221 | #else |
---|
1222 | return des_is_weak_key((void *)key->v); |
---|
1223 | #endif |
---|
1224 | } |
---|
1225 | |
---|
1226 | int |
---|
1227 | eay_des_keylen(len) |
---|
1228 | int len; |
---|
1229 | { |
---|
1230 | return evp_keylen(len, EVP_des_cbc()); |
---|
1231 | } |
---|
1232 | |
---|
1233 | #ifdef HAVE_OPENSSL_IDEA_H |
---|
1234 | /* |
---|
1235 | * IDEA-CBC |
---|
1236 | */ |
---|
1237 | vchar_t * |
---|
1238 | eay_idea_encrypt(data, key, iv) |
---|
1239 | vchar_t *data, *key, *iv; |
---|
1240 | { |
---|
1241 | vchar_t *res; |
---|
1242 | IDEA_KEY_SCHEDULE ks; |
---|
1243 | |
---|
1244 | idea_set_encrypt_key((unsigned char *)key->v, &ks); |
---|
1245 | |
---|
1246 | /* allocate buffer for result */ |
---|
1247 | if ((res = vmalloc(data->l)) == NULL) |
---|
1248 | return NULL; |
---|
1249 | |
---|
1250 | /* decryption data */ |
---|
1251 | idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
---|
1252 | &ks, (unsigned char *)iv->v, IDEA_ENCRYPT); |
---|
1253 | |
---|
1254 | return res; |
---|
1255 | } |
---|
1256 | |
---|
1257 | vchar_t * |
---|
1258 | eay_idea_decrypt(data, key, iv) |
---|
1259 | vchar_t *data, *key, *iv; |
---|
1260 | { |
---|
1261 | vchar_t *res; |
---|
1262 | IDEA_KEY_SCHEDULE ks, dks; |
---|
1263 | |
---|
1264 | idea_set_encrypt_key((unsigned char *)key->v, &ks); |
---|
1265 | idea_set_decrypt_key(&ks, &dks); |
---|
1266 | |
---|
1267 | /* allocate buffer for result */ |
---|
1268 | if ((res = vmalloc(data->l)) == NULL) |
---|
1269 | return NULL; |
---|
1270 | |
---|
1271 | /* decryption data */ |
---|
1272 | idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
---|
1273 | &dks, (unsigned char *)iv->v, IDEA_DECRYPT); |
---|
1274 | |
---|
1275 | return res; |
---|
1276 | } |
---|
1277 | |
---|
1278 | int |
---|
1279 | eay_idea_weakkey(key) |
---|
1280 | vchar_t *key; |
---|
1281 | { |
---|
1282 | return 0; /* XXX */ |
---|
1283 | } |
---|
1284 | |
---|
1285 | int |
---|
1286 | eay_idea_keylen(len) |
---|
1287 | int len; |
---|
1288 | { |
---|
1289 | if (len != 0 && len != 128) |
---|
1290 | return -1; |
---|
1291 | return 128; |
---|
1292 | } |
---|
1293 | #endif |
---|
1294 | |
---|
1295 | /* |
---|
1296 | * BLOWFISH-CBC |
---|
1297 | */ |
---|
1298 | vchar_t * |
---|
1299 | eay_bf_encrypt(data, key, iv) |
---|
1300 | vchar_t *data, *key, *iv; |
---|
1301 | { |
---|
1302 | return evp_crypt(data, key, iv, EVP_bf_cbc(), 1); |
---|
1303 | } |
---|
1304 | |
---|
1305 | vchar_t * |
---|
1306 | eay_bf_decrypt(data, key, iv) |
---|
1307 | vchar_t *data, *key, *iv; |
---|
1308 | { |
---|
1309 | return evp_crypt(data, key, iv, EVP_bf_cbc(), 0); |
---|
1310 | } |
---|
1311 | |
---|
1312 | int |
---|
1313 | eay_bf_weakkey(key) |
---|
1314 | vchar_t *key; |
---|
1315 | { |
---|
1316 | return 0; /* XXX to be done. refer to RFC 2451 */ |
---|
1317 | } |
---|
1318 | |
---|
1319 | int |
---|
1320 | eay_bf_keylen(len) |
---|
1321 | int len; |
---|
1322 | { |
---|
1323 | if (len == 0) |
---|
1324 | return 448; |
---|
1325 | if (len < 40 || len > 448) |
---|
1326 | return -1; |
---|
1327 | return len; |
---|
1328 | } |
---|
1329 | |
---|
1330 | #ifdef HAVE_OPENSSL_RC5_H |
---|
1331 | /* |
---|
1332 | * RC5-CBC |
---|
1333 | */ |
---|
1334 | vchar_t * |
---|
1335 | eay_rc5_encrypt(data, key, iv) |
---|
1336 | vchar_t *data, *key, *iv; |
---|
1337 | { |
---|
1338 | vchar_t *res; |
---|
1339 | RC5_32_KEY ks; |
---|
1340 | |
---|
1341 | /* in RFC 2451, there is information about the number of round. */ |
---|
1342 | RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); |
---|
1343 | |
---|
1344 | /* allocate buffer for result */ |
---|
1345 | if ((res = vmalloc(data->l)) == NULL) |
---|
1346 | return NULL; |
---|
1347 | |
---|
1348 | /* decryption data */ |
---|
1349 | RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
---|
1350 | &ks, (unsigned char *)iv->v, RC5_ENCRYPT); |
---|
1351 | |
---|
1352 | return res; |
---|
1353 | } |
---|
1354 | |
---|
1355 | vchar_t * |
---|
1356 | eay_rc5_decrypt(data, key, iv) |
---|
1357 | vchar_t *data, *key, *iv; |
---|
1358 | { |
---|
1359 | vchar_t *res; |
---|
1360 | RC5_32_KEY ks; |
---|
1361 | |
---|
1362 | /* in RFC 2451, there is information about the number of round. */ |
---|
1363 | RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); |
---|
1364 | |
---|
1365 | /* allocate buffer for result */ |
---|
1366 | if ((res = vmalloc(data->l)) == NULL) |
---|
1367 | return NULL; |
---|
1368 | |
---|
1369 | /* decryption data */ |
---|
1370 | RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
---|
1371 | &ks, (unsigned char *)iv->v, RC5_DECRYPT); |
---|
1372 | |
---|
1373 | return res; |
---|
1374 | } |
---|
1375 | |
---|
1376 | int |
---|
1377 | eay_rc5_weakkey(key) |
---|
1378 | vchar_t *key; |
---|
1379 | { |
---|
1380 | return 0; /* No known weak keys when used with 16 rounds. */ |
---|
1381 | |
---|
1382 | } |
---|
1383 | |
---|
1384 | int |
---|
1385 | eay_rc5_keylen(len) |
---|
1386 | int len; |
---|
1387 | { |
---|
1388 | if (len == 0) |
---|
1389 | return 128; |
---|
1390 | if (len < 40 || len > 2040) |
---|
1391 | return -1; |
---|
1392 | return len; |
---|
1393 | } |
---|
1394 | #endif |
---|
1395 | |
---|
1396 | /* |
---|
1397 | * 3DES-CBC |
---|
1398 | */ |
---|
1399 | vchar_t * |
---|
1400 | eay_3des_encrypt(data, key, iv) |
---|
1401 | vchar_t *data, *key, *iv; |
---|
1402 | { |
---|
1403 | return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1); |
---|
1404 | } |
---|
1405 | |
---|
1406 | vchar_t * |
---|
1407 | eay_3des_decrypt(data, key, iv) |
---|
1408 | vchar_t *data, *key, *iv; |
---|
1409 | { |
---|
1410 | return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0); |
---|
1411 | } |
---|
1412 | |
---|
1413 | int |
---|
1414 | eay_3des_weakkey(key) |
---|
1415 | vchar_t *key; |
---|
1416 | { |
---|
1417 | #ifdef USE_NEW_DES_API |
---|
1418 | return (DES_is_weak_key((void *)key->v) || |
---|
1419 | DES_is_weak_key((void *)(key->v + 8)) || |
---|
1420 | DES_is_weak_key((void *)(key->v + 16))); |
---|
1421 | #else |
---|
1422 | if (key->l < 24) |
---|
1423 | return 0; |
---|
1424 | |
---|
1425 | return (des_is_weak_key((void *)key->v) || |
---|
1426 | des_is_weak_key((void *)(key->v + 8)) || |
---|
1427 | des_is_weak_key((void *)(key->v + 16))); |
---|
1428 | #endif |
---|
1429 | } |
---|
1430 | |
---|
1431 | int |
---|
1432 | eay_3des_keylen(len) |
---|
1433 | int len; |
---|
1434 | { |
---|
1435 | if (len != 0 && len != 192) |
---|
1436 | return -1; |
---|
1437 | return 192; |
---|
1438 | } |
---|
1439 | |
---|
1440 | /* |
---|
1441 | * CAST-CBC |
---|
1442 | */ |
---|
1443 | vchar_t * |
---|
1444 | eay_cast_encrypt(data, key, iv) |
---|
1445 | vchar_t *data, *key, *iv; |
---|
1446 | { |
---|
1447 | return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1); |
---|
1448 | } |
---|
1449 | |
---|
1450 | vchar_t * |
---|
1451 | eay_cast_decrypt(data, key, iv) |
---|
1452 | vchar_t *data, *key, *iv; |
---|
1453 | { |
---|
1454 | return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0); |
---|
1455 | } |
---|
1456 | |
---|
1457 | int |
---|
1458 | eay_cast_weakkey(key) |
---|
1459 | vchar_t *key; |
---|
1460 | { |
---|
1461 | return 0; /* No known weak keys. */ |
---|
1462 | } |
---|
1463 | |
---|
1464 | int |
---|
1465 | eay_cast_keylen(len) |
---|
1466 | int len; |
---|
1467 | { |
---|
1468 | if (len == 0) |
---|
1469 | return 128; |
---|
1470 | if (len < 40 || len > 128) |
---|
1471 | return -1; |
---|
1472 | return len; |
---|
1473 | } |
---|
1474 | |
---|
1475 | /* |
---|
1476 | * AES(RIJNDAEL)-CBC |
---|
1477 | */ |
---|
1478 | #ifndef HAVE_OPENSSL_AES_H |
---|
1479 | vchar_t * |
---|
1480 | eay_aes_encrypt(data, key, iv) |
---|
1481 | vchar_t *data, *key, *iv; |
---|
1482 | { |
---|
1483 | vchar_t *res; |
---|
1484 | keyInstance k; |
---|
1485 | cipherInstance c; |
---|
1486 | |
---|
1487 | memset(&k, 0, sizeof(k)); |
---|
1488 | if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0) |
---|
1489 | return NULL; |
---|
1490 | |
---|
1491 | /* allocate buffer for result */ |
---|
1492 | if ((res = vmalloc(data->l)) == NULL) |
---|
1493 | return NULL; |
---|
1494 | |
---|
1495 | /* encryption data */ |
---|
1496 | memset(&c, 0, sizeof(c)); |
---|
1497 | if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ |
---|
1498 | vfree(res); |
---|
1499 | return NULL; |
---|
1500 | } |
---|
1501 | if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ |
---|
1502 | vfree(res); |
---|
1503 | return NULL; |
---|
1504 | } |
---|
1505 | |
---|
1506 | return res; |
---|
1507 | } |
---|
1508 | |
---|
1509 | vchar_t * |
---|
1510 | eay_aes_decrypt(data, key, iv) |
---|
1511 | vchar_t *data, *key, *iv; |
---|
1512 | { |
---|
1513 | vchar_t *res; |
---|
1514 | keyInstance k; |
---|
1515 | cipherInstance c; |
---|
1516 | |
---|
1517 | memset(&k, 0, sizeof(k)); |
---|
1518 | if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0) |
---|
1519 | return NULL; |
---|
1520 | |
---|
1521 | /* allocate buffer for result */ |
---|
1522 | if ((res = vmalloc(data->l)) == NULL) |
---|
1523 | return NULL; |
---|
1524 | |
---|
1525 | /* decryption data */ |
---|
1526 | memset(&c, 0, sizeof(c)); |
---|
1527 | if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ |
---|
1528 | vfree(res); |
---|
1529 | return NULL; |
---|
1530 | } |
---|
1531 | if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ |
---|
1532 | vfree(res); |
---|
1533 | return NULL; |
---|
1534 | } |
---|
1535 | |
---|
1536 | return res; |
---|
1537 | } |
---|
1538 | #else |
---|
1539 | static inline const EVP_CIPHER * |
---|
1540 | aes_evp_by_keylen(int keylen) |
---|
1541 | { |
---|
1542 | switch(keylen) { |
---|
1543 | case 16: |
---|
1544 | case 128: |
---|
1545 | return EVP_aes_128_cbc(); |
---|
1546 | case 24: |
---|
1547 | case 192: |
---|
1548 | return EVP_aes_192_cbc(); |
---|
1549 | case 32: |
---|
1550 | case 256: |
---|
1551 | return EVP_aes_256_cbc(); |
---|
1552 | default: |
---|
1553 | return NULL; |
---|
1554 | } |
---|
1555 | } |
---|
1556 | |
---|
1557 | vchar_t * |
---|
1558 | eay_aes_encrypt(data, key, iv) |
---|
1559 | vchar_t *data, *key, *iv; |
---|
1560 | { |
---|
1561 | return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1); |
---|
1562 | } |
---|
1563 | |
---|
1564 | vchar_t * |
---|
1565 | eay_aes_decrypt(data, key, iv) |
---|
1566 | vchar_t *data, *key, *iv; |
---|
1567 | { |
---|
1568 | return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0); |
---|
1569 | } |
---|
1570 | #endif |
---|
1571 | |
---|
1572 | int |
---|
1573 | eay_aes_weakkey(key) |
---|
1574 | vchar_t *key; |
---|
1575 | { |
---|
1576 | return 0; |
---|
1577 | } |
---|
1578 | |
---|
1579 | int |
---|
1580 | eay_aes_keylen(len) |
---|
1581 | int len; |
---|
1582 | { |
---|
1583 | if (len == 0) |
---|
1584 | return 128; |
---|
1585 | if (len != 128 && len != 192 && len != 256) |
---|
1586 | return -1; |
---|
1587 | return len; |
---|
1588 | } |
---|
1589 | |
---|
1590 | #if defined(HAVE_OPENSSL_CAMELLIA_H) |
---|
1591 | /* |
---|
1592 | * CAMELLIA-CBC |
---|
1593 | */ |
---|
1594 | static inline const EVP_CIPHER * |
---|
1595 | camellia_evp_by_keylen(int keylen) |
---|
1596 | { |
---|
1597 | switch(keylen) { |
---|
1598 | case 16: |
---|
1599 | case 128: |
---|
1600 | return EVP_camellia_128_cbc(); |
---|
1601 | case 24: |
---|
1602 | case 192: |
---|
1603 | return EVP_camellia_192_cbc(); |
---|
1604 | case 32: |
---|
1605 | case 256: |
---|
1606 | return EVP_camellia_256_cbc(); |
---|
1607 | default: |
---|
1608 | return NULL; |
---|
1609 | } |
---|
1610 | } |
---|
1611 | |
---|
1612 | vchar_t * |
---|
1613 | eay_camellia_encrypt(data, key, iv) |
---|
1614 | vchar_t *data, *key, *iv; |
---|
1615 | { |
---|
1616 | return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1); |
---|
1617 | } |
---|
1618 | |
---|
1619 | vchar_t * |
---|
1620 | eay_camellia_decrypt(data, key, iv) |
---|
1621 | vchar_t *data, *key, *iv; |
---|
1622 | { |
---|
1623 | return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0); |
---|
1624 | } |
---|
1625 | |
---|
1626 | int |
---|
1627 | eay_camellia_weakkey(key) |
---|
1628 | vchar_t *key; |
---|
1629 | { |
---|
1630 | return 0; |
---|
1631 | } |
---|
1632 | |
---|
1633 | int |
---|
1634 | eay_camellia_keylen(len) |
---|
1635 | int len; |
---|
1636 | { |
---|
1637 | if (len == 0) |
---|
1638 | return 128; |
---|
1639 | if (len != 128 && len != 192 && len != 256) |
---|
1640 | return -1; |
---|
1641 | return len; |
---|
1642 | } |
---|
1643 | |
---|
1644 | #endif |
---|
1645 | |
---|
1646 | /* for ipsec part */ |
---|
1647 | int |
---|
1648 | eay_null_hashlen() |
---|
1649 | { |
---|
1650 | return 0; |
---|
1651 | } |
---|
1652 | |
---|
1653 | int |
---|
1654 | eay_kpdk_hashlen() |
---|
1655 | { |
---|
1656 | return 0; |
---|
1657 | } |
---|
1658 | |
---|
1659 | int |
---|
1660 | eay_twofish_keylen(len) |
---|
1661 | int len; |
---|
1662 | { |
---|
1663 | if (len < 0 || len > 256) |
---|
1664 | return -1; |
---|
1665 | return len; |
---|
1666 | } |
---|
1667 | |
---|
1668 | int |
---|
1669 | eay_null_keylen(len) |
---|
1670 | int len; |
---|
1671 | { |
---|
1672 | return 0; |
---|
1673 | } |
---|
1674 | |
---|
1675 | /* |
---|
1676 | * HMAC functions |
---|
1677 | */ |
---|
1678 | static caddr_t |
---|
1679 | eay_hmac_init(key, md) |
---|
1680 | vchar_t *key; |
---|
1681 | const EVP_MD *md; |
---|
1682 | { |
---|
1683 | HMAC_CTX *c = racoon_malloc(sizeof(*c)); |
---|
1684 | |
---|
1685 | HMAC_Init(c, key->v, key->l, md); |
---|
1686 | |
---|
1687 | return (caddr_t)c; |
---|
1688 | } |
---|
1689 | |
---|
1690 | static vchar_t *eay_hmac_one(key, data, type) |
---|
1691 | vchar_t *key, *data; |
---|
1692 | const EVP_MD *type; |
---|
1693 | { |
---|
1694 | vchar_t *res; |
---|
1695 | |
---|
1696 | if ((res = vmalloc(EVP_MD_size(type))) == 0) |
---|
1697 | return NULL; |
---|
1698 | |
---|
1699 | if (!HMAC(type, (void *) key->v, key->l, |
---|
1700 | (void *) data->v, data->l, (void *) res->v, NULL)) { |
---|
1701 | vfree(res); |
---|
1702 | return NULL; |
---|
1703 | } |
---|
1704 | |
---|
1705 | return res; |
---|
1706 | } |
---|
1707 | |
---|
1708 | static vchar_t *eay_digest_one(data, type) |
---|
1709 | vchar_t *data; |
---|
1710 | const EVP_MD *type; |
---|
1711 | { |
---|
1712 | vchar_t *res; |
---|
1713 | |
---|
1714 | if ((res = vmalloc(EVP_MD_size(type))) == 0) |
---|
1715 | return NULL; |
---|
1716 | |
---|
1717 | if (!EVP_Digest((void *) data->v, data->l, |
---|
1718 | (void *) res->v, NULL, type, NULL)) { |
---|
1719 | vfree(res); |
---|
1720 | return NULL; |
---|
1721 | } |
---|
1722 | |
---|
1723 | return res; |
---|
1724 | } |
---|
1725 | |
---|
1726 | #ifdef WITH_SHA2 |
---|
1727 | /* |
---|
1728 | * HMAC SHA2-512 |
---|
1729 | */ |
---|
1730 | vchar_t * |
---|
1731 | eay_hmacsha2_512_one(key, data) |
---|
1732 | vchar_t *key, *data; |
---|
1733 | { |
---|
1734 | return eay_hmac_one(key, data, EVP_sha2_512()); |
---|
1735 | } |
---|
1736 | |
---|
1737 | caddr_t |
---|
1738 | eay_hmacsha2_512_init(key) |
---|
1739 | vchar_t *key; |
---|
1740 | { |
---|
1741 | return eay_hmac_init(key, EVP_sha2_512()); |
---|
1742 | } |
---|
1743 | |
---|
1744 | void |
---|
1745 | eay_hmacsha2_512_update(c, data) |
---|
1746 | caddr_t c; |
---|
1747 | vchar_t *data; |
---|
1748 | { |
---|
1749 | HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1750 | } |
---|
1751 | |
---|
1752 | vchar_t * |
---|
1753 | eay_hmacsha2_512_final(c) |
---|
1754 | caddr_t c; |
---|
1755 | { |
---|
1756 | vchar_t *res; |
---|
1757 | unsigned int l; |
---|
1758 | |
---|
1759 | if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) |
---|
1760 | return NULL; |
---|
1761 | |
---|
1762 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
---|
1763 | res->l = l; |
---|
1764 | HMAC_cleanup((HMAC_CTX *)c); |
---|
1765 | (void)racoon_free(c); |
---|
1766 | |
---|
1767 | if (SHA512_DIGEST_LENGTH != res->l) { |
---|
1768 | plog(LLV_ERROR, LOCATION, NULL, |
---|
1769 | "hmac sha2_512 length mismatch %zd.\n", res->l); |
---|
1770 | vfree(res); |
---|
1771 | return NULL; |
---|
1772 | } |
---|
1773 | |
---|
1774 | return(res); |
---|
1775 | } |
---|
1776 | |
---|
1777 | /* |
---|
1778 | * HMAC SHA2-384 |
---|
1779 | */ |
---|
1780 | vchar_t * |
---|
1781 | eay_hmacsha2_384_one(key, data) |
---|
1782 | vchar_t *key, *data; |
---|
1783 | { |
---|
1784 | return eay_hmac_one(key, data, EVP_sha2_384()); |
---|
1785 | } |
---|
1786 | |
---|
1787 | caddr_t |
---|
1788 | eay_hmacsha2_384_init(key) |
---|
1789 | vchar_t *key; |
---|
1790 | { |
---|
1791 | return eay_hmac_init(key, EVP_sha2_384()); |
---|
1792 | } |
---|
1793 | |
---|
1794 | void |
---|
1795 | eay_hmacsha2_384_update(c, data) |
---|
1796 | caddr_t c; |
---|
1797 | vchar_t *data; |
---|
1798 | { |
---|
1799 | HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1800 | } |
---|
1801 | |
---|
1802 | vchar_t * |
---|
1803 | eay_hmacsha2_384_final(c) |
---|
1804 | caddr_t c; |
---|
1805 | { |
---|
1806 | vchar_t *res; |
---|
1807 | unsigned int l; |
---|
1808 | |
---|
1809 | if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) |
---|
1810 | return NULL; |
---|
1811 | |
---|
1812 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
---|
1813 | res->l = l; |
---|
1814 | HMAC_cleanup((HMAC_CTX *)c); |
---|
1815 | (void)racoon_free(c); |
---|
1816 | |
---|
1817 | if (SHA384_DIGEST_LENGTH != res->l) { |
---|
1818 | plog(LLV_ERROR, LOCATION, NULL, |
---|
1819 | "hmac sha2_384 length mismatch %zd.\n", res->l); |
---|
1820 | vfree(res); |
---|
1821 | return NULL; |
---|
1822 | } |
---|
1823 | |
---|
1824 | return(res); |
---|
1825 | } |
---|
1826 | |
---|
1827 | /* |
---|
1828 | * HMAC SHA2-256 |
---|
1829 | */ |
---|
1830 | vchar_t * |
---|
1831 | eay_hmacsha2_256_one(key, data) |
---|
1832 | vchar_t *key, *data; |
---|
1833 | { |
---|
1834 | return eay_hmac_one(key, data, EVP_sha2_256()); |
---|
1835 | } |
---|
1836 | |
---|
1837 | caddr_t |
---|
1838 | eay_hmacsha2_256_init(key) |
---|
1839 | vchar_t *key; |
---|
1840 | { |
---|
1841 | return eay_hmac_init(key, EVP_sha2_256()); |
---|
1842 | } |
---|
1843 | |
---|
1844 | void |
---|
1845 | eay_hmacsha2_256_update(c, data) |
---|
1846 | caddr_t c; |
---|
1847 | vchar_t *data; |
---|
1848 | { |
---|
1849 | HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1850 | } |
---|
1851 | |
---|
1852 | vchar_t * |
---|
1853 | eay_hmacsha2_256_final(c) |
---|
1854 | caddr_t c; |
---|
1855 | { |
---|
1856 | vchar_t *res; |
---|
1857 | unsigned int l; |
---|
1858 | |
---|
1859 | if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) |
---|
1860 | return NULL; |
---|
1861 | |
---|
1862 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
---|
1863 | res->l = l; |
---|
1864 | HMAC_cleanup((HMAC_CTX *)c); |
---|
1865 | (void)racoon_free(c); |
---|
1866 | |
---|
1867 | if (SHA256_DIGEST_LENGTH != res->l) { |
---|
1868 | plog(LLV_ERROR, LOCATION, NULL, |
---|
1869 | "hmac sha2_256 length mismatch %zd.\n", res->l); |
---|
1870 | vfree(res); |
---|
1871 | return NULL; |
---|
1872 | } |
---|
1873 | |
---|
1874 | return(res); |
---|
1875 | } |
---|
1876 | #endif /* WITH_SHA2 */ |
---|
1877 | |
---|
1878 | /* |
---|
1879 | * HMAC SHA1 |
---|
1880 | */ |
---|
1881 | vchar_t * |
---|
1882 | eay_hmacsha1_one(key, data) |
---|
1883 | vchar_t *key, *data; |
---|
1884 | { |
---|
1885 | return eay_hmac_one(key, data, EVP_sha1()); |
---|
1886 | } |
---|
1887 | |
---|
1888 | caddr_t |
---|
1889 | eay_hmacsha1_init(key) |
---|
1890 | vchar_t *key; |
---|
1891 | { |
---|
1892 | return eay_hmac_init(key, EVP_sha1()); |
---|
1893 | } |
---|
1894 | |
---|
1895 | void |
---|
1896 | eay_hmacsha1_update(c, data) |
---|
1897 | caddr_t c; |
---|
1898 | vchar_t *data; |
---|
1899 | { |
---|
1900 | HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1901 | } |
---|
1902 | |
---|
1903 | vchar_t * |
---|
1904 | eay_hmacsha1_final(c) |
---|
1905 | caddr_t c; |
---|
1906 | { |
---|
1907 | vchar_t *res; |
---|
1908 | unsigned int l; |
---|
1909 | |
---|
1910 | if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) |
---|
1911 | return NULL; |
---|
1912 | |
---|
1913 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
---|
1914 | res->l = l; |
---|
1915 | HMAC_cleanup((HMAC_CTX *)c); |
---|
1916 | (void)racoon_free(c); |
---|
1917 | |
---|
1918 | if (SHA_DIGEST_LENGTH != res->l) { |
---|
1919 | plog(LLV_ERROR, LOCATION, NULL, |
---|
1920 | "hmac sha1 length mismatch %zd.\n", res->l); |
---|
1921 | vfree(res); |
---|
1922 | return NULL; |
---|
1923 | } |
---|
1924 | |
---|
1925 | return(res); |
---|
1926 | } |
---|
1927 | |
---|
1928 | /* |
---|
1929 | * HMAC MD5 |
---|
1930 | */ |
---|
1931 | vchar_t * |
---|
1932 | eay_hmacmd5_one(key, data) |
---|
1933 | vchar_t *key, *data; |
---|
1934 | { |
---|
1935 | return eay_hmac_one(key, data, EVP_md5()); |
---|
1936 | } |
---|
1937 | |
---|
1938 | caddr_t |
---|
1939 | eay_hmacmd5_init(key) |
---|
1940 | vchar_t *key; |
---|
1941 | { |
---|
1942 | return eay_hmac_init(key, EVP_md5()); |
---|
1943 | } |
---|
1944 | |
---|
1945 | void |
---|
1946 | eay_hmacmd5_update(c, data) |
---|
1947 | caddr_t c; |
---|
1948 | vchar_t *data; |
---|
1949 | { |
---|
1950 | HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1951 | } |
---|
1952 | |
---|
1953 | vchar_t * |
---|
1954 | eay_hmacmd5_final(c) |
---|
1955 | caddr_t c; |
---|
1956 | { |
---|
1957 | vchar_t *res; |
---|
1958 | unsigned int l; |
---|
1959 | |
---|
1960 | if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) |
---|
1961 | return NULL; |
---|
1962 | |
---|
1963 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
---|
1964 | res->l = l; |
---|
1965 | HMAC_cleanup((HMAC_CTX *)c); |
---|
1966 | (void)racoon_free(c); |
---|
1967 | |
---|
1968 | if (MD5_DIGEST_LENGTH != res->l) { |
---|
1969 | plog(LLV_ERROR, LOCATION, NULL, |
---|
1970 | "hmac md5 length mismatch %zd.\n", res->l); |
---|
1971 | vfree(res); |
---|
1972 | return NULL; |
---|
1973 | } |
---|
1974 | |
---|
1975 | return(res); |
---|
1976 | } |
---|
1977 | |
---|
1978 | #ifdef WITH_SHA2 |
---|
1979 | /* |
---|
1980 | * SHA2-512 functions |
---|
1981 | */ |
---|
1982 | caddr_t |
---|
1983 | eay_sha2_512_init() |
---|
1984 | { |
---|
1985 | SHA512_CTX *c = racoon_malloc(sizeof(*c)); |
---|
1986 | |
---|
1987 | SHA512_Init(c); |
---|
1988 | |
---|
1989 | return((caddr_t)c); |
---|
1990 | } |
---|
1991 | |
---|
1992 | void |
---|
1993 | eay_sha2_512_update(c, data) |
---|
1994 | caddr_t c; |
---|
1995 | vchar_t *data; |
---|
1996 | { |
---|
1997 | SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l); |
---|
1998 | |
---|
1999 | return; |
---|
2000 | } |
---|
2001 | |
---|
2002 | vchar_t * |
---|
2003 | eay_sha2_512_final(c) |
---|
2004 | caddr_t c; |
---|
2005 | { |
---|
2006 | vchar_t *res; |
---|
2007 | |
---|
2008 | if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) |
---|
2009 | return(0); |
---|
2010 | |
---|
2011 | SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c); |
---|
2012 | (void)racoon_free(c); |
---|
2013 | |
---|
2014 | return(res); |
---|
2015 | } |
---|
2016 | |
---|
2017 | vchar_t * |
---|
2018 | eay_sha2_512_one(data) |
---|
2019 | vchar_t *data; |
---|
2020 | { |
---|
2021 | return eay_digest_one(data, EVP_sha512()); |
---|
2022 | } |
---|
2023 | |
---|
2024 | int |
---|
2025 | eay_sha2_512_hashlen() |
---|
2026 | { |
---|
2027 | return SHA512_DIGEST_LENGTH << 3; |
---|
2028 | } |
---|
2029 | #endif |
---|
2030 | |
---|
2031 | #ifdef WITH_SHA2 |
---|
2032 | /* |
---|
2033 | * SHA2-384 functions |
---|
2034 | */ |
---|
2035 | caddr_t |
---|
2036 | eay_sha2_384_init() |
---|
2037 | { |
---|
2038 | SHA384_CTX *c = racoon_malloc(sizeof(*c)); |
---|
2039 | |
---|
2040 | SHA384_Init(c); |
---|
2041 | |
---|
2042 | return((caddr_t)c); |
---|
2043 | } |
---|
2044 | |
---|
2045 | void |
---|
2046 | eay_sha2_384_update(c, data) |
---|
2047 | caddr_t c; |
---|
2048 | vchar_t *data; |
---|
2049 | { |
---|
2050 | SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l); |
---|
2051 | |
---|
2052 | return; |
---|
2053 | } |
---|
2054 | |
---|
2055 | vchar_t * |
---|
2056 | eay_sha2_384_final(c) |
---|
2057 | caddr_t c; |
---|
2058 | { |
---|
2059 | vchar_t *res; |
---|
2060 | |
---|
2061 | if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) |
---|
2062 | return(0); |
---|
2063 | |
---|
2064 | SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c); |
---|
2065 | (void)racoon_free(c); |
---|
2066 | |
---|
2067 | return(res); |
---|
2068 | } |
---|
2069 | |
---|
2070 | vchar_t * |
---|
2071 | eay_sha2_384_one(data) |
---|
2072 | vchar_t *data; |
---|
2073 | { |
---|
2074 | return eay_digest_one(data, EVP_sha2_384()); |
---|
2075 | } |
---|
2076 | |
---|
2077 | int |
---|
2078 | eay_sha2_384_hashlen() |
---|
2079 | { |
---|
2080 | return SHA384_DIGEST_LENGTH << 3; |
---|
2081 | } |
---|
2082 | #endif |
---|
2083 | |
---|
2084 | #ifdef WITH_SHA2 |
---|
2085 | /* |
---|
2086 | * SHA2-256 functions |
---|
2087 | */ |
---|
2088 | caddr_t |
---|
2089 | eay_sha2_256_init() |
---|
2090 | { |
---|
2091 | SHA256_CTX *c = racoon_malloc(sizeof(*c)); |
---|
2092 | |
---|
2093 | SHA256_Init(c); |
---|
2094 | |
---|
2095 | return((caddr_t)c); |
---|
2096 | } |
---|
2097 | |
---|
2098 | void |
---|
2099 | eay_sha2_256_update(c, data) |
---|
2100 | caddr_t c; |
---|
2101 | vchar_t *data; |
---|
2102 | { |
---|
2103 | SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l); |
---|
2104 | |
---|
2105 | return; |
---|
2106 | } |
---|
2107 | |
---|
2108 | vchar_t * |
---|
2109 | eay_sha2_256_final(c) |
---|
2110 | caddr_t c; |
---|
2111 | { |
---|
2112 | vchar_t *res; |
---|
2113 | |
---|
2114 | if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) |
---|
2115 | return(0); |
---|
2116 | |
---|
2117 | SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c); |
---|
2118 | (void)racoon_free(c); |
---|
2119 | |
---|
2120 | return(res); |
---|
2121 | } |
---|
2122 | |
---|
2123 | vchar_t * |
---|
2124 | eay_sha2_256_one(data) |
---|
2125 | vchar_t *data; |
---|
2126 | { |
---|
2127 | return eay_digest_one(data, EVP_sha2_256()); |
---|
2128 | } |
---|
2129 | |
---|
2130 | int |
---|
2131 | eay_sha2_256_hashlen() |
---|
2132 | { |
---|
2133 | return SHA256_DIGEST_LENGTH << 3; |
---|
2134 | } |
---|
2135 | #endif |
---|
2136 | |
---|
2137 | /* |
---|
2138 | * SHA functions |
---|
2139 | */ |
---|
2140 | caddr_t |
---|
2141 | eay_sha1_init() |
---|
2142 | { |
---|
2143 | SHA_CTX *c = racoon_malloc(sizeof(*c)); |
---|
2144 | |
---|
2145 | SHA1_Init(c); |
---|
2146 | |
---|
2147 | return((caddr_t)c); |
---|
2148 | } |
---|
2149 | |
---|
2150 | void |
---|
2151 | eay_sha1_update(c, data) |
---|
2152 | caddr_t c; |
---|
2153 | vchar_t *data; |
---|
2154 | { |
---|
2155 | SHA1_Update((SHA_CTX *)c, data->v, data->l); |
---|
2156 | |
---|
2157 | return; |
---|
2158 | } |
---|
2159 | |
---|
2160 | vchar_t * |
---|
2161 | eay_sha1_final(c) |
---|
2162 | caddr_t c; |
---|
2163 | { |
---|
2164 | vchar_t *res; |
---|
2165 | |
---|
2166 | if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) |
---|
2167 | return(0); |
---|
2168 | |
---|
2169 | SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c); |
---|
2170 | (void)racoon_free(c); |
---|
2171 | |
---|
2172 | return(res); |
---|
2173 | } |
---|
2174 | |
---|
2175 | vchar_t * |
---|
2176 | eay_sha1_one(data) |
---|
2177 | vchar_t *data; |
---|
2178 | { |
---|
2179 | return eay_digest_one(data, EVP_sha1()); |
---|
2180 | } |
---|
2181 | |
---|
2182 | int |
---|
2183 | eay_sha1_hashlen() |
---|
2184 | { |
---|
2185 | return SHA_DIGEST_LENGTH << 3; |
---|
2186 | } |
---|
2187 | |
---|
2188 | /* |
---|
2189 | * MD5 functions |
---|
2190 | */ |
---|
2191 | caddr_t |
---|
2192 | eay_md5_init() |
---|
2193 | { |
---|
2194 | MD5_CTX *c = racoon_malloc(sizeof(*c)); |
---|
2195 | |
---|
2196 | MD5_Init(c); |
---|
2197 | |
---|
2198 | return((caddr_t)c); |
---|
2199 | } |
---|
2200 | |
---|
2201 | void |
---|
2202 | eay_md5_update(c, data) |
---|
2203 | caddr_t c; |
---|
2204 | vchar_t *data; |
---|
2205 | { |
---|
2206 | MD5_Update((MD5_CTX *)c, data->v, data->l); |
---|
2207 | |
---|
2208 | return; |
---|
2209 | } |
---|
2210 | |
---|
2211 | vchar_t * |
---|
2212 | eay_md5_final(c) |
---|
2213 | caddr_t c; |
---|
2214 | { |
---|
2215 | vchar_t *res; |
---|
2216 | |
---|
2217 | if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) |
---|
2218 | return(0); |
---|
2219 | |
---|
2220 | MD5_Final((unsigned char *) res->v, (MD5_CTX *)c); |
---|
2221 | (void)racoon_free(c); |
---|
2222 | |
---|
2223 | return(res); |
---|
2224 | } |
---|
2225 | |
---|
2226 | vchar_t * |
---|
2227 | eay_md5_one(data) |
---|
2228 | vchar_t *data; |
---|
2229 | { |
---|
2230 | return eay_digest_one(data, EVP_md5()); |
---|
2231 | } |
---|
2232 | |
---|
2233 | int |
---|
2234 | eay_md5_hashlen() |
---|
2235 | { |
---|
2236 | return MD5_DIGEST_LENGTH << 3; |
---|
2237 | } |
---|
2238 | |
---|
2239 | /* |
---|
2240 | * eay_set_random |
---|
2241 | * size: number of bytes. |
---|
2242 | */ |
---|
2243 | vchar_t * |
---|
2244 | eay_set_random(size) |
---|
2245 | u_int32_t size; |
---|
2246 | { |
---|
2247 | BIGNUM *r = NULL; |
---|
2248 | vchar_t *res = 0; |
---|
2249 | |
---|
2250 | if ((r = BN_new()) == NULL) |
---|
2251 | goto end; |
---|
2252 | BN_rand(r, size * 8, 0, 0); |
---|
2253 | eay_bn2v(&res, r); |
---|
2254 | |
---|
2255 | end: |
---|
2256 | if (r) |
---|
2257 | BN_free(r); |
---|
2258 | return(res); |
---|
2259 | } |
---|
2260 | |
---|
2261 | /* DH */ |
---|
2262 | int |
---|
2263 | eay_dh_generate(prime, g, publen, pub, priv) |
---|
2264 | vchar_t *prime, **pub, **priv; |
---|
2265 | u_int publen; |
---|
2266 | u_int32_t g; |
---|
2267 | { |
---|
2268 | BIGNUM *p = NULL; |
---|
2269 | DH *dh = NULL; |
---|
2270 | int error = -1; |
---|
2271 | |
---|
2272 | /* initialize */ |
---|
2273 | /* pre-process to generate number */ |
---|
2274 | if (eay_v2bn(&p, prime) < 0) |
---|
2275 | goto end; |
---|
2276 | |
---|
2277 | if ((dh = DH_new()) == NULL) |
---|
2278 | goto end; |
---|
2279 | dh->p = p; |
---|
2280 | p = NULL; /* p is now part of dh structure */ |
---|
2281 | dh->g = NULL; |
---|
2282 | if ((dh->g = BN_new()) == NULL) |
---|
2283 | goto end; |
---|
2284 | if (!BN_set_word(dh->g, g)) |
---|
2285 | goto end; |
---|
2286 | |
---|
2287 | if (publen != 0) |
---|
2288 | dh->length = publen; |
---|
2289 | |
---|
2290 | /* generate public and private number */ |
---|
2291 | if (!DH_generate_key(dh)) |
---|
2292 | goto end; |
---|
2293 | |
---|
2294 | /* copy results to buffers */ |
---|
2295 | if (eay_bn2v(pub, dh->pub_key) < 0) |
---|
2296 | goto end; |
---|
2297 | if (eay_bn2v(priv, dh->priv_key) < 0) { |
---|
2298 | vfree(*pub); |
---|
2299 | goto end; |
---|
2300 | } |
---|
2301 | |
---|
2302 | error = 0; |
---|
2303 | |
---|
2304 | end: |
---|
2305 | if (dh != NULL) |
---|
2306 | DH_free(dh); |
---|
2307 | if (p != 0) |
---|
2308 | BN_free(p); |
---|
2309 | return(error); |
---|
2310 | } |
---|
2311 | |
---|
2312 | int |
---|
2313 | eay_dh_compute(prime, g, pub, priv, pub2, key) |
---|
2314 | vchar_t *prime, *pub, *priv, *pub2, **key; |
---|
2315 | u_int32_t g; |
---|
2316 | { |
---|
2317 | BIGNUM *dh_pub = NULL; |
---|
2318 | DH *dh = NULL; |
---|
2319 | int l; |
---|
2320 | unsigned char *v = NULL; |
---|
2321 | int error = -1; |
---|
2322 | |
---|
2323 | /* make public number to compute */ |
---|
2324 | if (eay_v2bn(&dh_pub, pub2) < 0) |
---|
2325 | goto end; |
---|
2326 | |
---|
2327 | /* make DH structure */ |
---|
2328 | if ((dh = DH_new()) == NULL) |
---|
2329 | goto end; |
---|
2330 | if (eay_v2bn(&dh->p, prime) < 0) |
---|
2331 | goto end; |
---|
2332 | if (eay_v2bn(&dh->pub_key, pub) < 0) |
---|
2333 | goto end; |
---|
2334 | if (eay_v2bn(&dh->priv_key, priv) < 0) |
---|
2335 | goto end; |
---|
2336 | dh->length = pub2->l * 8; |
---|
2337 | |
---|
2338 | dh->g = NULL; |
---|
2339 | if ((dh->g = BN_new()) == NULL) |
---|
2340 | goto end; |
---|
2341 | if (!BN_set_word(dh->g, g)) |
---|
2342 | goto end; |
---|
2343 | |
---|
2344 | if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) |
---|
2345 | goto end; |
---|
2346 | if ((l = DH_compute_key(v, dh_pub, dh)) == -1) |
---|
2347 | goto end; |
---|
2348 | memcpy((*key)->v + (prime->l - l), v, l); |
---|
2349 | |
---|
2350 | error = 0; |
---|
2351 | |
---|
2352 | end: |
---|
2353 | if (dh_pub != NULL) |
---|
2354 | BN_free(dh_pub); |
---|
2355 | if (dh != NULL) |
---|
2356 | DH_free(dh); |
---|
2357 | if (v != NULL) |
---|
2358 | racoon_free(v); |
---|
2359 | return(error); |
---|
2360 | } |
---|
2361 | |
---|
2362 | /* |
---|
2363 | * convert vchar_t <-> BIGNUM. |
---|
2364 | * |
---|
2365 | * vchar_t: unit is u_char, network endian, most significant byte first. |
---|
2366 | * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian, |
---|
2367 | * least significant BN_ULONG must come first. |
---|
2368 | * |
---|
2369 | * hex value of "0x3ffe050104" is represented as follows: |
---|
2370 | * vchar_t: 3f fe 05 01 04 |
---|
2371 | * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f |
---|
2372 | * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f |
---|
2373 | * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f |
---|
2374 | */ |
---|
2375 | int |
---|
2376 | eay_v2bn(bn, var) |
---|
2377 | BIGNUM **bn; |
---|
2378 | vchar_t *var; |
---|
2379 | { |
---|
2380 | if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL) |
---|
2381 | return -1; |
---|
2382 | |
---|
2383 | return 0; |
---|
2384 | } |
---|
2385 | |
---|
2386 | int |
---|
2387 | eay_bn2v(var, bn) |
---|
2388 | vchar_t **var; |
---|
2389 | BIGNUM *bn; |
---|
2390 | { |
---|
2391 | *var = vmalloc(BN_num_bytes(bn)); |
---|
2392 | if (*var == NULL) |
---|
2393 | return(-1); |
---|
2394 | |
---|
2395 | (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v); |
---|
2396 | |
---|
2397 | return 0; |
---|
2398 | } |
---|
2399 | |
---|
2400 | void |
---|
2401 | eay_init() |
---|
2402 | { |
---|
2403 | OpenSSL_add_all_algorithms(); |
---|
2404 | ERR_load_crypto_strings(); |
---|
2405 | #ifdef HAVE_OPENSSL_ENGINE_H |
---|
2406 | ENGINE_load_builtin_engines(); |
---|
2407 | ENGINE_register_all_complete(); |
---|
2408 | #endif |
---|
2409 | } |
---|
2410 | |
---|
2411 | vchar_t * |
---|
2412 | base64_decode(char *in, long inlen) |
---|
2413 | { |
---|
2414 | BIO *bio=NULL, *b64=NULL; |
---|
2415 | vchar_t *res = NULL; |
---|
2416 | char *outb; |
---|
2417 | long outlen; |
---|
2418 | |
---|
2419 | outb = malloc(inlen * 2); |
---|
2420 | if (outb == NULL) |
---|
2421 | goto out; |
---|
2422 | bio = BIO_new_mem_buf(in, inlen); |
---|
2423 | b64 = BIO_new(BIO_f_base64()); |
---|
2424 | BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
---|
2425 | bio = BIO_push(b64, bio); |
---|
2426 | |
---|
2427 | outlen = BIO_read(bio, outb, inlen * 2); |
---|
2428 | if (outlen <= 0) { |
---|
2429 | plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
---|
2430 | goto out; |
---|
2431 | } |
---|
2432 | |
---|
2433 | res = vmalloc(outlen); |
---|
2434 | if (!res) |
---|
2435 | goto out; |
---|
2436 | |
---|
2437 | memcpy(res->v, outb, outlen); |
---|
2438 | |
---|
2439 | out: |
---|
2440 | if (outb) |
---|
2441 | free(outb); |
---|
2442 | if (bio) |
---|
2443 | BIO_free_all(bio); |
---|
2444 | |
---|
2445 | return res; |
---|
2446 | } |
---|
2447 | |
---|
2448 | vchar_t * |
---|
2449 | base64_encode(char *in, long inlen) |
---|
2450 | { |
---|
2451 | BIO *bio=NULL, *b64=NULL; |
---|
2452 | char *ptr; |
---|
2453 | long plen = -1; |
---|
2454 | vchar_t *res = NULL; |
---|
2455 | |
---|
2456 | bio = BIO_new(BIO_s_mem()); |
---|
2457 | b64 = BIO_new(BIO_f_base64()); |
---|
2458 | BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
---|
2459 | bio = BIO_push(b64, bio); |
---|
2460 | |
---|
2461 | BIO_write(bio, in, inlen); |
---|
2462 | BIO_flush(bio); |
---|
2463 | |
---|
2464 | plen = BIO_get_mem_data(bio, &ptr); |
---|
2465 | res = vmalloc(plen+1); |
---|
2466 | if (!res) |
---|
2467 | goto out; |
---|
2468 | |
---|
2469 | memcpy (res->v, ptr, plen); |
---|
2470 | res->v[plen] = '\0'; |
---|
2471 | |
---|
2472 | out: |
---|
2473 | if (bio) |
---|
2474 | BIO_free_all(bio); |
---|
2475 | |
---|
2476 | return res; |
---|
2477 | } |
---|
2478 | |
---|
2479 | static RSA * |
---|
2480 | binbuf_pubkey2rsa(vchar_t *binbuf) |
---|
2481 | { |
---|
2482 | BIGNUM *exp, *mod; |
---|
2483 | RSA *rsa_pub = NULL; |
---|
2484 | |
---|
2485 | if (binbuf->v[0] > binbuf->l - 1) { |
---|
2486 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); |
---|
2487 | goto out; |
---|
2488 | } |
---|
2489 | |
---|
2490 | exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL); |
---|
2491 | mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1), |
---|
2492 | binbuf->l - binbuf->v[0] - 1, NULL); |
---|
2493 | rsa_pub = RSA_new(); |
---|
2494 | |
---|
2495 | if (!exp || !mod || !rsa_pub) { |
---|
2496 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror()); |
---|
2497 | if (exp) |
---|
2498 | BN_free(exp); |
---|
2499 | if (mod) |
---|
2500 | BN_free(exp); |
---|
2501 | if (rsa_pub) |
---|
2502 | RSA_free(rsa_pub); |
---|
2503 | rsa_pub = NULL; |
---|
2504 | goto out; |
---|
2505 | } |
---|
2506 | |
---|
2507 | rsa_pub->n = mod; |
---|
2508 | rsa_pub->e = exp; |
---|
2509 | |
---|
2510 | out: |
---|
2511 | return rsa_pub; |
---|
2512 | } |
---|
2513 | |
---|
2514 | RSA * |
---|
2515 | base64_pubkey2rsa(char *in) |
---|
2516 | { |
---|
2517 | BIGNUM *exp, *mod; |
---|
2518 | RSA *rsa_pub = NULL; |
---|
2519 | vchar_t *binbuf; |
---|
2520 | |
---|
2521 | if (strncmp(in, "0s", 2) != 0) { |
---|
2522 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n"); |
---|
2523 | return NULL; |
---|
2524 | } |
---|
2525 | |
---|
2526 | binbuf = base64_decode(in + 2, strlen(in + 2)); |
---|
2527 | if (!binbuf) { |
---|
2528 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n"); |
---|
2529 | return NULL; |
---|
2530 | } |
---|
2531 | |
---|
2532 | if (binbuf->v[0] > binbuf->l - 1) { |
---|
2533 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); |
---|
2534 | goto out; |
---|
2535 | } |
---|
2536 | |
---|
2537 | rsa_pub = binbuf_pubkey2rsa(binbuf); |
---|
2538 | |
---|
2539 | out: |
---|
2540 | if (binbuf) |
---|
2541 | vfree(binbuf); |
---|
2542 | |
---|
2543 | return rsa_pub; |
---|
2544 | } |
---|
2545 | |
---|
2546 | RSA * |
---|
2547 | bignum_pubkey2rsa(BIGNUM *in) |
---|
2548 | { |
---|
2549 | RSA *rsa_pub = NULL; |
---|
2550 | vchar_t *binbuf; |
---|
2551 | |
---|
2552 | binbuf = vmalloc(BN_num_bytes(in)); |
---|
2553 | if (!binbuf) { |
---|
2554 | plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n"); |
---|
2555 | return NULL; |
---|
2556 | } |
---|
2557 | |
---|
2558 | BN_bn2bin(in, (unsigned char *) binbuf->v); |
---|
2559 | |
---|
2560 | rsa_pub = binbuf_pubkey2rsa(binbuf); |
---|
2561 | |
---|
2562 | out: |
---|
2563 | if (binbuf) |
---|
2564 | vfree(binbuf); |
---|
2565 | |
---|
2566 | return rsa_pub; |
---|
2567 | } |
---|
2568 | |
---|
2569 | u_int32_t |
---|
2570 | eay_random() |
---|
2571 | { |
---|
2572 | u_int32_t result; |
---|
2573 | vchar_t *vrand; |
---|
2574 | |
---|
2575 | vrand = eay_set_random(sizeof(result)); |
---|
2576 | memcpy(&result, vrand->v, sizeof(result)); |
---|
2577 | vfree(vrand); |
---|
2578 | |
---|
2579 | return result; |
---|
2580 | } |
---|
2581 | |
---|
2582 | const char * |
---|
2583 | eay_version() |
---|
2584 | { |
---|
2585 | return SSLeay_version(SSLEAY_VERSION); |
---|
2586 | } |
---|