1 /* $NetBSD: crypto_openssl.c,v 1.31 2025/03/08 16:39:08 christos Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090813fL)
48 #error OpenSSL version 0.9.8s or later required.
49 #endif
50
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #include <openssl/blowfish.h>
67 #include <openssl/cast.h>
68 #include <openssl/err.h>
69 #ifdef HAVE_OPENSSL_RC5_H
70 #include <openssl/rc5.h>
71 #endif
72 #ifdef HAVE_OPENSSL_IDEA_H
73 #include <openssl/idea.h>
74 #endif
75 #if defined(HAVE_OPENSSL_AES_H)
76 #include <openssl/aes.h>
77 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
78 #include <openssl/rijndael.h>
79 #else
80 #include "crypto/rijndael/rijndael-api-fst.h"
81 #endif
82 #if defined(HAVE_OPENSSL_CAMELLIA_H)
83 #include <openssl/camellia.h>
84 #endif
85 #ifdef WITH_SHA2
86 #ifdef HAVE_OPENSSL_SHA2_H
87 #include <openssl/sha2.h>
88 #else
89 #include "crypto/sha2/sha2.h"
90 #endif
91 #endif
92 #include "plog.h"
93
94 #define USE_NEW_DES_API
95
96 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
97
98 #include "var.h"
99 #include "misc.h"
100 #include "vmbuf.h"
101 #include "plog.h"
102 #include "crypto_openssl.h"
103 #include "debug.h"
104 #include "gcmalloc.h"
105 #include "isakmp.h"
106
107 /*
108 * I hate to cast every parameter to des_xx into void *, but it is
109 * necessary for SSLeay/OpenSSL portability. It sucks.
110 */
111
112 static int cb_check_cert_local(int, X509_STORE_CTX *);
113 static int cb_check_cert_remote(int, X509_STORE_CTX *);
114 static X509 *mem2x509(vchar_t *);
115
116 static caddr_t eay_hmac_init(vchar_t *, const EVP_MD *);
117
118 /* X509 Certificate */
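/*
 * Add one "field=value" pair to the X509_NAME being built.
 *
 * A value that is exactly "*" is stored as a PrintableString; it is the
 * wildcard marker eay_cmp_asn1dn() looks for.  Any other value is added
 * as MBSTRING_ASC.
 *
 * Returns 0 on success, -1 when value is missing or OpenSSL rejects the pair.
 */
static int
str2asn1dn_add_entry(X509_NAME *name, char *field, char *value)
{
	/* Check before logging: handing NULL to "%s" is undefined behaviour. */
	if (value == NULL)
		return -1;

	plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", field, value);

	if (!X509_NAME_add_entry_by_txt(name, field,
	    (value[0] == '*' && value[1] == 0) ?
	    V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
	    (unsigned char *)value, -1, -1, 0)) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Invalid DN field: %s=%s\n", field, value);
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
		return -1;
	}

	return 0;
}

/*
 * Convert the string form of a subject name into DER.
 * e.g. str = "C=JP, ST=Kanagawa";
 *
 * str: the DN text; entries are separated by ',' or '/'.
 * len: number of bytes of str to use, or -1 to use strlen(str).
 *
 * Backslash escapes are honoured: "\c" for the RFC 2253 specials
 * (\ , = + < > # ;) and "\hh" for a hex pair.  The hex pair is parsed with
 * strtol(), which also tolerates a leading sign or blank; "\00" yields an
 * embedded NUL that terminates the field or value early.
 *
 * Returns a newly allocated vchar_t holding the DER encoding (the caller
 * frees it with vfree()), or NULL on any error.
 */
vchar_t *
eay_str2asn1dn(const char *str, int len)
{
	X509_NAME *name = NULL;
	char *buf = NULL, *dst;
	char *field, *value;
	int i;
	vchar_t *ret = NULL;
	caddr_t p;

	if (len == -1)
		len = strlen(str);
	/* Any other negative length would wrap in the allocation below. */
	if (len < 0)
		return NULL;

	buf = racoon_malloc(len + 1);
	if (!buf) {
		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
		return NULL;
	}
	memcpy(buf, str, len);

	name = X509_NAME_new();
	if (name == NULL)
		goto err;

	/*
	 * The text is unescaped in place: dst never runs ahead of i, so the
	 * working copy is always large enough.
	 */
	dst = field = &buf[0];
	value = NULL;
	for (i = 0; i < len; i++) {
		if (buf[i] == '\\') {
			/* Escape characters specified in RFC 2253 */
			if (i < len - 1 &&
			    strchr("\\,=+<>#;", buf[i+1]) != NULL) {
				*dst++ = buf[++i];
				continue;
			} else if (i < len - 2) {
				/* RFC 2253 hexpair character escape */
				long u;
				char esc_str[3];
				char *endptr;

				esc_str[0] = buf[++i];
				esc_str[1] = buf[++i];
				esc_str[2] = '\0';
				u = strtol(esc_str, &endptr, 16);
				if (*endptr != '\0' || u < 0 || u > 255)
					goto err;
				*dst++ = (char)u;
				continue;
			} else
				goto err;
		}
		if (!value && buf[i] == '=') {
			/* end of the field name, start of its value */
			*dst = '\0';
			dst = value = &buf[i + 1];
			continue;
		} else if (buf[i] == ',' || buf[i] == '/') {
			/* end of one entry */
			*dst = '\0';

			if (str2asn1dn_add_entry(name, field, value) != 0)
				goto err;

			/* skip blanks before the next field name */
			while (i + 1 < len && buf[i + 1] == ' ') i++;
			dst = field = &buf[i + 1];
			value = NULL;
			continue;
		} else {
			*dst++ = buf[i];
		}
	}
	*dst = '\0';

	/* the last entry has no trailing separator */
	if (str2asn1dn_add_entry(name, field, value) != 0)
		goto err;

	/* i2d_X509_NAME() reports failure with a value <= 0, not only 0. */
	i = i2d_X509_NAME(name, NULL);
	if (i <= 0)
		goto err;
	ret = vmalloc(i);
	if (!ret)
		goto err;
	p = ret->v;
	i = i2d_X509_NAME(name, (void *)&p);
	if (i <= 0)
		goto err;

	/* The scratch copy and the X509_NAME are not needed past this point. */
	racoon_free(buf);
	X509_NAME_free(name);

	return ret;

err:
	if (buf)
		racoon_free(buf);
	if (name)
		X509_NAME_free(name);
	if (ret)
		vfree(ret);
	return NULL;
}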
242
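/*
 * Convert the hex string form of a subject name into DER.
 *
 * hex: hex digits of the encoded name.
 * len: number of hex digits expected, or -1 to use strlen(hex).
 *
 * The conversion is accepted only when BN_hex2bn() consumes exactly len
 * characters.  Returns a newly allocated vchar_t (the caller frees it with
 * vfree()), or NULL on error.
 */
vchar_t *
eay_hex2asn1dn(const char *hex, int len)
{
	BIGNUM *bn = BN_new();
	size_t binlen;
	vchar_t *ret = NULL;

	if (len == -1)
		len = strlen(hex);

	if (BN_hex2bn(&bn, hex) != len) {
		plog(LLV_ERROR, LOCATION, NULL,
		     "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
		     eay_strerror());
		goto out;
	}

	binlen = BN_num_bytes(bn);
	ret = vmalloc(binlen);
	if (!ret) {
		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
		/* leave through the cleanup label so that bn is released */
		goto out;
	}

	BN_bn2bin(bn, (unsigned char *)ret->v);

out:
	BN_free(bn);

	return ret;
}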
279
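/*
 * Compare two DER-encoded subjectNames.
 *
 * OUT:	0: equal (after wildcard entries have been dropped).
 *	idx+1 (positive): entry idx has no counterpart in n2, or a wildcard
 *		entry pairs with an entry of a different object type.
 *	otherwise: the result of X509_NAME_cmp() on what is left.
 *	-1: n1 or n2 could not be decoded.
 *
 * An entry whose value is the single character '*' is a wildcard: only the
 * object type of the pair is compared and both entries are then removed.
 * The wildcard is honoured on EITHER side.
 * NOTE(review): if one of the arguments can come from a peer, a "*" value in
 * the peer's name matches any configured value of that attribute type;
 * confirm that callers only accept wildcards from local configuration.
 */
int
eay_cmp_asn1dn(vchar_t *n1, vchar_t *n2)
{
	X509_NAME *a = NULL, *b = NULL;
	caddr_t p;
	char oneLine[512];
	int i = -1;
	int idx;

	p = n1->v;
	if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) {
		/* terminate the line like every other message in this file */
		plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: first dn not a dn\n");
		goto end;
	}
	plog(LLV_DEBUG, LOCATION, NULL, "1st name: %s\n", X509_NAME_oneline(a, oneLine, sizeof(oneLine)));
	p = n2->v;
	if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) {
		plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: second dn not a dn\n");
		goto end;
	}
	plog(LLV_DEBUG, LOCATION, NULL, "2nd name: %s\n", X509_NAME_oneline(b, oneLine, sizeof(oneLine)));

	/* handle wildcard: do not compare entry content but only entry object type */
	for (idx = 0; idx < X509_NAME_entry_count(a); idx++) {
		X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx);
		X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx);
		ASN1_STRING *eda, *edb;

		if (!eb) {
			/* b ran out of entries while a still has some: not equal */
			i = idx+1;
			goto end;
		}
		eda = X509_NAME_ENTRY_get_data(ea);
		edb = X509_NAME_ENTRY_get_data(eb);
		if ((eda->length == 1 && eda->data[0] == '*') ||
		    (edb->length == 1 && edb->data[0] == '*')) {
			ASN1_OBJECT *eoa, *eob;

			eoa = X509_NAME_ENTRY_get_object(ea);
			eob = X509_NAME_ENTRY_get_object(eb);
			if (OBJ_cmp(eoa, eob)) {
				i = idx+1;
				goto end;
			}
			/*
			 * Same object type: drop the pair from both names so
			 * the final comparison ignores it.  The following
			 * entries shift down, hence the index is stepped back.
			 */
			X509_NAME_delete_entry(a, idx);
			X509_NAME_delete_entry(b, idx);
			X509_NAME_ENTRY_free(ea);
			X509_NAME_ENTRY_free(eb);
			idx--;
		}
	}
	if (X509_NAME_entry_count(a) == 0 && X509_NAME_entry_count(b) == 0)
		i = 0;
	else
		i = X509_NAME_cmp(a, b);

end:
	if (a)
		X509_NAME_free(a);
	if (b)
		X509_NAME_free(b);
	return i;
}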
348
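/*
 * Verify an X.509 certificate against the configured trust anchors.
 * This function is derived from apps/verify.c in OpenSSL 0.9.5.
 *
 * cert:   certificate buffer as understood by mem2x509().
 * CApath: hashed directory of CA certificates.
 * CAfile: PEM file of CA certificates; NULL selects the default file.
 * local:  non-zero installs cb_check_cert_local(), zero installs
 *         cb_check_cert_remote() as verification callback.
 *
 * CRL checking is requested for the whole chain, but both callbacks turn
 * X509_V_ERR_UNABLE_TO_GET_CRL into a warning, so a certificate whose CRL is
 * not available still verifies.
 *
 * Returns 0 when the certificate verifies, -1 otherwise.
 */
int
eay_check_x509cert(vchar_t *cert, char *CApath, char *CAfile, int local)
{
	X509_STORE *cert_ctx = NULL;
	X509_LOOKUP *lookup = NULL;
	X509 *x509 = NULL;
	X509_STORE_CTX *csc = NULL;
	int error = -1;

	cert_ctx = X509_STORE_new();
	if (cert_ctx == NULL)
		goto end;

	if (local)
		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
	else
		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);

	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
	if (lookup == NULL)
		goto end;

	/* The result is ignored on purpose: the CA file is optional. */
	X509_LOOKUP_load_file(lookup, CAfile,
	    (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);

	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
	if (lookup == NULL)
		goto end;
	if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
		goto end;

	/* read the certificate to be verified */
	x509 = mem2x509(cert);
	if (x509 == NULL)
		goto end;

	csc = X509_STORE_CTX_new();
	if (csc == NULL)
		goto end;
	/* Never run the verification on a context that failed to initialise. */
	if (!X509_STORE_CTX_init(csc, cert_ctx, x509, NULL))
		goto end;
	X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK);
	X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK_ALL);

	/*
	 * X509_verify_cert() returns 1 on success, 0 when the chain does not
	 * verify and a negative value on an internal error.  Only 1 may be
	 * taken as success; testing for "non-zero" would accept the error
	 * case as a valid certificate.
	 */
	error = (X509_verify_cert(csc) == 1) ? 0 : -1;

end:
	if (error)
		plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
	if (csc != NULL)
		X509_STORE_CTX_free(csc);
	if (cert_ctx != NULL)
		X509_STORE_free(cert_ctx);
	if (x509 != NULL)
		X509_free(x509);

	return(error);
}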
417
/*
 * Verification callback used for our own (local) certificates.
 * Derived from cb() in openssl/apps/s_server.c.
 *
 * ok:  verdict computed by OpenSSL for the current certificate.
 * ctx: verification context the error details are read from.
 *
 * The local certificate is only being checked, so the following failures
 * are logged as warnings and overridden to "ok": expired certificate,
 * self-signed leaf, invalid CA, path length exceeded, invalid purpose and
 * CRL not available.  Every other failure is logged as an error and kept.
 *
 * Returns the (possibly overridden) verdict; the OpenSSL error queue is
 * cleared on the way out.
 */
static int
cb_check_cert_local(int ok, X509_STORE_CTX *ctx)
{
	char subject[256];
	int level, verr;

	if (ok) {
		ERR_clear_error();
		return ok;
	}

	X509_NAME_oneline(
	    X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
	    subject, 256);

	verr = X509_STORE_CTX_get_error(ctx);
	switch (verr) {
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
	case X509_V_ERR_INVALID_CA:
	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
	case X509_V_ERR_INVALID_PURPOSE:
	case X509_V_ERR_UNABLE_TO_GET_CRL:
		/* tolerated for a local certificate, but still reported */
		ok = 1;
		level = LLV_WARNING;
		break;
	default:
		level = LLV_ERROR;
	}

	plog(level, LOCATION, NULL,
	    "%s(%d) at depth:%d SubjectName:%s\n",
	    X509_verify_cert_error_string(verr), verr,
	    X509_STORE_CTX_get_error_depth(ctx),
	    subject);

	ERR_clear_error();

	return ok;
}
459
/*
 * Verification callback used for certificates received from a peer.
 * Derived from cb() in openssl/apps/s_server.c.
 *
 * ok:  verdict computed by OpenSSL for the current certificate.
 * ctx: verification context the error details are read from.
 *
 * Exactly one failure is overridden: X509_V_ERR_UNABLE_TO_GET_CRL is logged
 * as a warning and accepted, i.e. revocation checking is soft-fail when no
 * CRL can be found.  Every other failure is logged as an error and kept.
 *
 * Returns the (possibly overridden) verdict; the OpenSSL error queue is
 * cleared on the way out.
 */
static int
cb_check_cert_remote(int ok, X509_STORE_CTX *ctx)
{
	char subject[256];
	int level, verr;

	if (ok) {
		ERR_clear_error();
		return ok;
	}

	X509_NAME_oneline(
	    X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
	    subject, 256);

	verr = X509_STORE_CTX_get_error(ctx);
	switch (verr) {
	case X509_V_ERR_UNABLE_TO_GET_CRL:
		/* a missing CRL does not reject the peer */
		ok = 1;
		level = LLV_WARNING;
		break;
	default:
		level = LLV_ERROR;
	}

	plog(level, LOCATION, NULL,
	    "%s(%d) at depth:%d SubjectName:%s\n",
	    X509_verify_cert_error_string(verr),
	    verr,
	    X509_STORE_CTX_get_error_depth(ctx),
	    subject);

	ERR_clear_error();

	return ok;
}
492
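/*
 * Get the subjectName of an X509 certificate as DER.
 *
 * cert: certificate buffer as understood by mem2x509().
 *
 * Returns a newly allocated vchar_t (the caller frees it with vfree()),
 * or NULL when the certificate cannot be decoded, the name cannot be
 * encoded or memory is exhausted.
 */
vchar_t *
eay_get_x509asn1subjectname(vchar_t *cert)
{
	X509 *x509 = NULL;
	X509_NAME *xname;
	u_char *bp;
	vchar_t *name = NULL;
	int len;

	x509 = mem2x509(cert);
	if (x509 == NULL)
		goto error;

	/* get the length of the name */
	xname = X509_get_subject_name(x509);
	len = i2d_X509_NAME(xname, NULL);
	/* a value <= 0 is an encoding failure and must not size a buffer */
	if (len <= 0)
		goto error;
	name = vmalloc(len);
	if (!name)
		goto error;

	/* get the name */
	bp = (unsigned char *) name->v;
	if (i2d_X509_NAME(xname, &bp) <= 0)
		goto error;

	X509_free(x509);

	return name;

error:
	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());

	if (name != NULL)
		vfree(name);

	if (x509 != NULL)
		X509_free(x509);

	return NULL;
}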
534
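/*
 * Get one subjectAltName from an X509 certificate.
 *
 * cert:    certificate buffer as understood by mem2x509().
 * altname: receives a newly allocated, NUL-terminated string that the
 *          caller releases with racoon_free(); set to NULL on error.
 * type:    receives the GENERAL_NAME type of the entry (GENT_OTHERNAME
 *          on error).
 * pos:     1-based position of the wanted entry in the extension.
 *
 * DNS, e-mail and URI names are copied as text; IP addresses are rendered
 * as dotted quad (IPv4) or colon-separated hex groups (IPv6).  Other name
 * types are not supported.
 *
 * A text name that contains a NUL byte inside its declared length is
 * rejected: the string copy would stop at that byte and the caller would
 * compare a shorter name than the one the certificate carries.
 *
 * Returns 0 on success, -1 on error.
 */
int
eay_get_x509subjectaltname(vchar_t *cert, char **altname, int *type, int pos)
{
	X509 *x509 = NULL;
	GENERAL_NAMES *gens = NULL;
	GENERAL_NAME *gen;
	int len;
	int error = -1;

	*altname = NULL;
	*type = GENT_OTHERNAME;

	x509 = mem2x509(cert);
	if (x509 == NULL)
		goto end;

	gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
	if (gens == NULL)
		goto end;

	/* there is no data at "pos"; positions start at 1 */
	if (pos < 1 || pos > sk_GENERAL_NAME_num(gens))
		goto end;

	gen = sk_GENERAL_NAME_value(gens, pos - 1);
	if (gen == NULL)
		goto end;

	/* read DNSName / Email / URI */
	if (gen->type == GEN_DNS ||
	    gen->type == GEN_EMAIL ||
	    gen->type == GEN_URI) {
		if (gen->d.ia5 == NULL || gen->d.ia5->data == NULL ||
		    gen->d.ia5->length < 0)
			goto end;

		/* make sure the data is terminated by '\0'. */
		if (gen->d.ia5->data[gen->d.ia5->length] != '\0') {
			plog(LLV_ERROR, LOCATION, NULL,
			    "data is not terminated by NUL.");
			racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
			goto end;
		}

		/* refuse a name that would be cut short by an embedded NUL */
		if (memchr(gen->d.ia5->data, '\0',
		    (size_t)gen->d.ia5->length) != NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "subjectAltName contains an embedded NUL.\n");
			goto end;
		}

		len = gen->d.ia5->length + 1;
		*altname = racoon_malloc(len);
		if (!*altname)
			goto end;

		strlcpy(*altname, (char *) gen->d.ia5->data, len);
		*type = gen->type;
		error = 0;
	}
	/* read IP address */
	else if (gen->type == GEN_IPADD) {
		switch (gen->d.iPAddress->length) {
		case 4: /* IPv4 */
			*altname = racoon_malloc(4*3 + 3 + 1); /* digits + decimals + null */
			if (!*altname)
				goto end;

			snprintf(*altname, 12+3+1, "%u.%u.%u.%u",
			    (unsigned)gen->d.iPAddress->data[0],
			    (unsigned)gen->d.iPAddress->data[1],
			    (unsigned)gen->d.iPAddress->data[2],
			    (unsigned)gen->d.iPAddress->data[3]);
			break;
		case 16: { /* IPv6 */
			int i;

			*altname = racoon_malloc(16*2 + 7 + 1); /* digits + colons + null */
			if (!*altname)
				goto end;

			/* Make NUL terminated IPv6 address */
			for (i = 0; i < 16; ++i) {
				/* two hex digits per octet, one colon per pair */
				int xpos = i*2 + i/2;

				/* the colon replaces the NUL of the previous octet */
				if (i > 0 && i % 2 == 0)
					(*altname)[xpos-1] = ':';

				snprintf(*altname + xpos, 3, "%02x",
				    (unsigned)gen->d.iPAddress->data[i]);
			}
			plog(LLV_INFO, LOCATION, NULL,
			    "Remote X509 IPv6 addr: %s", *altname);
			break;
		}
		default:
			/* the length is an int; convert it to match "%u" */
			plog(LLV_ERROR, LOCATION, NULL,
			    "Unknown IP address length: %u octects.",
			    (unsigned)gen->d.iPAddress->length);
			goto end;
		}

		*type = gen->type;
		error = 0;
	}
	/* XXX other possible types ?
	 * For now, error will be -1 if unsupported type
	 */

end:
	if (error) {
		if (*altname) {
			racoon_free(*altname);
			*altname = NULL;
		}
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
	}
	if (x509)
		X509_free(x509);
	if (gens)
		/* free the whole stack. */
		sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

	return error;
}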
655
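/*
 * Get the issuerName of an X509 certificate as DER.
 *
 * cert: certificate buffer as understood by mem2x509().
 *
 * Returns a newly allocated vchar_t (the caller frees it with vfree()),
 * or NULL when the certificate cannot be decoded, the name cannot be
 * encoded or memory is exhausted.
 */
vchar_t *
eay_get_x509asn1issuername(vchar_t *cert)
{
	X509 *x509 = NULL;
	X509_NAME *xissuer;
	u_char *bp;
	vchar_t *name = NULL;
	int len;

	x509 = mem2x509(cert);
	if (x509 == NULL)
		goto error;

	/* get the length of the name */
	xissuer = X509_get_issuer_name(x509);
	len = i2d_X509_NAME(xissuer, NULL);
	/* a value <= 0 is an encoding failure and must not size a buffer */
	if (len <= 0)
		goto error;
	name = vmalloc(len);
	if (name == NULL)
		goto error;

	/* get the name */
	bp = (unsigned char *) name->v;
	if (i2d_X509_NAME(xissuer, &bp) <= 0)
		goto error;

	X509_free(x509);

	return name;

error:
	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());

	if (name != NULL)
		vfree(name);
	if (x509 != NULL)
		X509_free(x509);

	return NULL;
}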
697
/*
 * Decode an X509 certificate into the human-readable text produced by
 * X509_print().
 *
 * cert: certificate buffer as understood by mem2x509().
 *
 * Returns a NUL-terminated buffer that the caller must release with
 * racoon_free(), or NULL on error (the OpenSSL error string is logged).
 */
char *
eay_get_x509text(vchar_t *cert)
{
	X509 *crt = NULL;
	BIO *mem = NULL;
	char *out = NULL;
	u_char *raw = NULL;
	long n = 0;
	int failed = -1;

	crt = mem2x509(cert);
	if (crt == NULL)
		goto end;

	mem = BIO_new(BIO_s_mem());
	if (mem == NULL)
		goto end;

	if (X509_print(mem, crt) != 1)
		goto end;

	/* copy the rendered text out of the memory BIO and terminate it */
	n = BIO_get_mem_data(mem, &raw);
	out = racoon_malloc(n + 1);
	if (out == NULL)
		goto end;
	memcpy(out, raw, n);
	out[n] = '\0';

	failed = 0;

end:
	if (failed) {
		if (out) {
			racoon_free(out);
			out = NULL;
		}
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
	}
	if (mem)
		BIO_free(mem);
	if (crt)
		X509_free(crt);

	return out;
}
750
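/*
 * Get an X509 structure from a certificate buffer.
 *
 * cert: buffer whose first octet is the certificate encoding type (the
 *       octet eay_get_x509cert() sets to ISAKMP_CERT_X509SIGN); the
 *       certificate itself starts at offset 1.
 *
 * The buffer may originate from a peer, so it is validated before the
 * type octet is skipped: with a length of 0 the expression "cert->l - 1"
 * would not be a usable length.
 *
 * Returns the decoded certificate, which the caller releases with
 * X509_free(), or NULL when the buffer is missing, too short or cannot be
 * decoded.
 */
static X509 *
mem2x509(vchar_t *cert)
{
	X509 *x509;

	/* need the type octet plus at least one byte of certificate */
	if (cert == NULL || cert->v == NULL || cert->l < 2)
		return NULL;

#ifndef EAYDEBUG
    {
	u_char *bp;

	bp = (unsigned char *) cert->v + 1;

	x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
    }
#else
    {
	BIO *bio;
	int len;

	bio = BIO_new(BIO_s_mem());
	if (bio == NULL)
		return NULL;
	len = BIO_write(bio, cert->v + 1, cert->l - 1);
	if (len == -1) {
		/* do not leak the BIO when the write fails */
		BIO_free(bio);
		return NULL;
	}
	x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
	BIO_free(bio);
    }
#endif
	return x509;
}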
782
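/*
 * Get an X509 certificate from a local file.
 * The certificate must be in PEM format.
 * Input:
 *	path to a certificate.
 * Output:
 *	NULL if an error occurred,
 *	otherwise a newly allocated buffer holding the octet
 *	ISAKMP_CERT_X509SIGN followed by the DER encoding of the certificate;
 *	the caller frees it with vfree().
 */
vchar_t *
eay_get_x509cert(char *path)
{
	FILE *fp;
	X509 *x509;
	vchar_t *cert;
	u_char *bp;
	int len;

	/* Read the certificate */
	fp = fopen(path, "r");
	if (fp == NULL)
		return NULL;
	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
	fclose (fp);

	if (x509 == NULL)
		return NULL;

	/* i2d_X509() reports failure with a value <= 0 */
	len = i2d_X509(x509, NULL);
	if (len <= 0) {
		X509_free(x509);
		return NULL;
	}
	cert = vmalloc(len + 1);
	if (cert == NULL) {
		X509_free(x509);
		return NULL;
	}
	/* leading octet: certificate encoding type */
	cert->v[0] = ISAKMP_CERT_X509SIGN;
	bp = (unsigned char *) &cert->v[1];
	len = i2d_X509(x509, &bp);
	X509_free(x509);

	if (len <= 0) {
		vfree(cert);
		return NULL;
	}

	return cert;
}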
830
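/*
 * Check a signature with the public key of an X509 certificate.
 * XXX: to be get hash type from my cert ?
 *	to be handled EVP_dss().
 *
 * source: the data the signature is expected to cover.
 * sig:    the signature to check.
 * cert:   certificate buffer as understood by mem2x509().
 *
 * Only RSA keys are supported.  A certificate that carries any other key
 * type is rejected here, before the key is handed to eay_rsa_verify().
 *
 * OUT: return -1 when error.
 *	0 on success.
 */
int
eay_check_x509sign(vchar_t *source, vchar_t *sig, vchar_t *cert)
{
	X509 *x509;
	EVP_PKEY *evp;
	RSA *rsa;
	int res;

	x509 = mem2x509(cert);
	if (x509 == NULL)
		return -1;

	evp = X509_get_pubkey(x509);
	if (! evp) {
		plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
		X509_free(x509);
		return -1;
	}

	/*
	 * EVP_PKEY_get0_RSA() yields NULL for a non-RSA key; the certificate
	 * may come from the peer, so that case must fail cleanly instead of
	 * passing a NULL key on.
	 */
	rsa = __UNCONST(EVP_PKEY_get0_RSA(evp));
	if (rsa == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "EVP_PKEY_get0_RSA(): %s\n", eay_strerror());
		res = -1;
	} else {
		res = eay_rsa_verify(source, sig, rsa);
	}

	EVP_PKEY_free(evp);
	X509_free(x509);

	return res;
}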
863
/*
 * Check an RSA signature with an already loaded key; thin front end to
 * eay_rsa_verify().
 * OUT: return -1 when error.
 *	0 on success
 */
int
eay_check_rsasign(vchar_t *source, vchar_t *sig, RSA *rsa)
{
	int verdict;

	verdict = eay_rsa_verify(source, sig, rsa);

	return verdict;
}
874
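/*
 * Get a PKCS#1 private key in PEM format from a local file.
 *
 * path: file to read.
 *
 * Returns a newly allocated vchar_t with the DER encoding of the key, or
 * NULL on error.  The buffer holds private key material; the caller owns
 * it and releases it with vfree().
 * NOTE(review): whether vfree() wipes the buffer is not visible here.
 */
vchar_t *
eay_get_pkcs1privkey(char *path)
{
	FILE *fp;
	EVP_PKEY *evp = NULL;
	vchar_t *pkey = NULL;
	u_char *bp;
	int pkeylen;
	int error = -1;

	/* Read private key */
	fp = fopen(path, "r");
	if (fp == NULL)
		return NULL;

	evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);

	fclose (fp);

	if (evp == NULL)
		return NULL;

	/* i2d_PrivateKey() reports failure with a value <= 0, not only 0 */
	pkeylen = i2d_PrivateKey(evp, NULL);
	if (pkeylen <= 0)
		goto end;
	pkey = vmalloc(pkeylen);
	if (pkey == NULL)
		goto end;
	bp = (unsigned char *) pkey->v;
	pkeylen = i2d_PrivateKey(evp, &bp);
	if (pkeylen <= 0)
		goto end;

	error = 0;

end:
	if (evp != NULL)
		EVP_PKEY_free(evp);
	if (error != 0 && pkey != NULL) {
		vfree(pkey);
		pkey = NULL;
	}

	return pkey;
}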
923
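/*
 * Get a PKCS#1 public key from a PEM certificate stored in a local file.
 *
 * path: certificate file to read.
 *
 * Returns a newly allocated vchar_t with the encoding produced by
 * i2d_PublicKey() (the caller frees it with vfree()), or NULL on error.
 */
vchar_t *
eay_get_pkcs1pubkey(char *path)
{
	FILE *fp;
	EVP_PKEY *evp = NULL;
	vchar_t *pkey = NULL;
	X509 *x509 = NULL;
	u_char *bp;
	int pkeylen;
	int error = -1;

	/* Read the certificate that carries the public key */
	fp = fopen(path, "r");
	if (fp == NULL)
		return NULL;

	x509 = PEM_read_X509(fp, NULL, NULL, NULL);

	fclose (fp);

	if (x509 == NULL)
		return NULL;

	/* Get public key - eay */
	evp = X509_get_pubkey(x509);
	if (evp == NULL)
		goto end;

	/* i2d_PublicKey() reports failure with a value <= 0, not only 0 */
	pkeylen = i2d_PublicKey(evp, NULL);
	if (pkeylen <= 0)
		goto end;
	pkey = vmalloc(pkeylen);
	if (pkey == NULL)
		goto end;
	bp = (unsigned char *) pkey->v;
	pkeylen = i2d_PublicKey(evp, &bp);
	if (pkeylen <= 0)
		goto end;

	error = 0;

end:
	if (evp != NULL)
		EVP_PKEY_free(evp);
	/* the certificate was only needed to reach the key: release it on every path */
	if (x509 != NULL)
		X509_free(x509);
	if (error != 0 && pkey != NULL) {
		vfree(pkey);
		pkey = NULL;
	}

	return pkey;
}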
977
/*
 * Sign src with a DER-encoded RSA private key.
 *
 * src:     data to sign.
 * privkey: DER encoding of the private key.
 *
 * Returns the signature produced by eay_rsa_sign(), or NULL when the key
 * cannot be decoded or signing fails.
 */
vchar_t *
eay_get_x509sign(vchar_t *src, vchar_t *privkey)
{
	u_char *der = (unsigned char *) privkey->v;
	EVP_PKEY *pk;
	vchar_t *out;

	/* XXX to be handled EVP_PKEY_DSA */
	pk = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&der, privkey->l);
	if (pk == NULL)
		return NULL;

	out = eay_rsa_sign(src, __UNCONST(EVP_PKEY_get0_RSA(pk)));

	EVP_PKEY_free(pk);

	return out;
}
996
/*
 * Sign src with an already loaded RSA key; thin front end to
 * eay_rsa_sign().  Returns the signature or NULL on error.
 */
vchar_t *
eay_get_rsasign(vchar_t *src, RSA *rsa)
{
	vchar_t *signature;

	signature = eay_rsa_sign(src, rsa);

	return signature;
}
1002
/*
 * Produce a raw RSA signature over src with PKCS#1 padding.
 *
 * src: data to sign; it is passed to RSA_private_encrypt() as is, no
 *      digest is computed here.
 * rsa: private key.
 *
 * Returns a newly allocated buffer of RSA_size(rsa) bytes (the caller frees
 * it with vfree()), or NULL when allocation fails or the operation does not
 * fill the whole buffer.
 */
vchar_t *
eay_rsa_sign(vchar_t *src, RSA *rsa)
{
	const int padding = RSA_PKCS1_PADDING;
	vchar_t *out;
	int n;

	out = vmalloc(RSA_size(rsa));
	if (out == NULL)
		return NULL;

	n = RSA_private_encrypt(src->l, (unsigned char *) src->v,
	    (unsigned char *) out->v, rsa, padding);

	/* success only when the result fills the buffer exactly */
	if (n != 0 && n == out->l)
		return out;

	vfree(out);
	return NULL;
}
1026
/*
 * Verify a raw RSA signature made with PKCS#1 padding.
 *
 * src: the data the signature is expected to recover.
 * sig: the signature.
 * rsa: public key.
 *
 * The signature is opened with RSA_public_decrypt() and the recovered
 * bytes must match src in both length and content.
 *
 * Returns 0 when the signature matches, -1 otherwise.
 */
int
eay_rsa_verify(vchar_t *src, vchar_t *sig, RSA *rsa)
{
	const int padding = RSA_PKCS1_PADDING;
	vchar_t *recovered;
	int n, differs;

	recovered = vmalloc(RSA_size(rsa));
	if (recovered == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
		return -1;
	}

	n = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
	    (unsigned char *) recovered->v, rsa, padding);
	if (n == 0 || n != src->l) {
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
		vfree(recovered);
		return -1;
	}

	differs = memcmp(src->v, recovered->v, src->l);
	vfree(recovered);

	return (differs != 0) ? -1 : 0;
}
1057
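/*
 * Get the pending OpenSSL errors as one string.
 * MUST load ERR_load_crypto_strings() first.
 *
 * Every queued error is removed from the OpenSSL error queue and appended
 * as "thread:error:file:line:data ".  Formatting stops when the buffer is
 * full.
 *
 * Returns a pointer to a static buffer: the text is overwritten by the
 * next call and the function is not reentrant.  The string is empty when
 * no error is queued.
 */
char *
eay_strerror(void)
{
	static char ebuf[512];
	size_t len = 0;
	int n;
	unsigned long l;
	char buf[256];
	const char *file, *data;
	int line, flags;
	unsigned long es;

	/* start empty so that a stale message from an earlier call is never returned */
	ebuf[0] = '\0';

	es = CRYPTO_thread_id();

	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
		/* bounded variant: the output can never exceed buf */
		ERR_error_string_n(l, buf, sizeof(buf));
		n = snprintf(ebuf + len, sizeof(ebuf) - len,
		    "%lu:%s:%s:%d:%s ",
		    es, buf, file, line,
		    (flags & ERR_TXT_STRING) ? data : "");
		/* stop on a formatting error or when the entry was truncated */
		if (n < 0 || (size_t)n >= sizeof(ebuf) - len)
			break;
		len += (size_t)n;
	}

	return ebuf;
}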
1089
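/*
 * Encrypt or decrypt a buffer with an EVP cipher, without padding.
 *
 * data: input; its length must be a multiple of the cipher block size.
 * key:  cipher key.
 * iv:   initialisation vector.
 * e:    cipher to use; NULL is rejected.
 * enc:  passed to EVP_CipherInit() as the direction (the callers in this
 *       file pass 1 to encrypt and 0 to decrypt).
 *
 * Returns a newly allocated buffer of data->l bytes (the caller frees it
 * with vfree()), or NULL on error.
 */
vchar_t *
evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
{
	vchar_t *res;
	EVP_CIPHER_CTX *ctx;

	if (!e)
		return NULL;

	if (data->l % EVP_CIPHER_block_size(e))
		return NULL;

	if ((res = vmalloc(data->l)) == NULL)
		return NULL;

	ctx = EVP_CIPHER_CTX_new();
	if (ctx == NULL) {
		/* do not leak the result buffer when no context is available */
		vfree(res);
		return NULL;
	}

	switch(EVP_CIPHER_nid(e)){
	case NID_bf_cbc:
	case NID_bf_ecb:
	case NID_bf_cfb64:
	case NID_bf_ofb64:
	case NID_cast5_cbc:
	case NID_cast5_ecb:
	case NID_cast5_cfb64:
	case NID_cast5_ofb64:
		/* XXX: can we do that also for algos with a fixed key size ?
		 */
		/* init context without key/iv
		 */
		if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
			goto out;

		/* update key size
		 */
		if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
			goto out;

		/* finalize context init with desired key size
		 */
		if (!EVP_CipherInit(ctx, NULL, (u_char *)key->v,
		    (u_char *)iv->v, enc))
			goto out;
		break;
	default:
		if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
		    (u_char *) iv->v, enc))
			goto out;
	}

	/* disable openssl padding */
	EVP_CIPHER_CTX_set_padding(ctx, 0);

	if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
		goto out;

	EVP_CIPHER_CTX_free(ctx);

	return res;

out:
	EVP_CIPHER_CTX_free(ctx);
	OpenSSL_BUG();
	vfree(res);
	return NULL;
}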
1157
/*
 * Generic weak-key test for EVP ciphers.
 * No screening is implemented: both arguments are ignored and every key is
 * reported as not weak (0).
 */
int
evp_weakkey(vchar_t *key __unused, const EVP_CIPHER *e __unused)
{
	const int not_weak = 0;

	return not_weak;
}
1163
/*
 * Validate a key length, in bits, for a fixed-key-size EVP cipher.
 *
 * len: requested length in bits; 0 asks for the cipher's own length.
 * e:   cipher; NULL is rejected.
 *
 * EVP functions return lengths in bytes, ipsec-tools uses lengths in bits,
 * therefore conversion is required. --AK
 *
 * Returns the cipher key length in bits, or -1 when e is NULL or len is
 * neither 0 nor that length.
 */
int
evp_keylen(int len, const EVP_CIPHER *e)
{
	int bits;

	if (e == NULL)
		return -1;

	bits = EVP_CIPHER_key_length(e) << 3;
	if (len == 0 || len == bits)
		return bits;

	return -1;
}
1177
1178 /*
1179 * DES-CBC
1180 */
/*
 * Encrypt data with DES in CBC mode through evp_crypt().
 * Single DES has a 56-bit effective key and is obsolete.
 * NOTE(review): presumably kept for interoperability only.
 * Returns the ciphertext or NULL on error.
 */
vchar_t *
eay_des_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_des_cbc();

	return evp_crypt(data, key, iv, cipher, 1);
}
1186
/*
 * Decrypt data with DES in CBC mode through evp_crypt().
 * Returns the plaintext or NULL on error.
 */
vchar_t *
eay_des_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_des_cbc();

	return evp_crypt(data, key, iv, cipher, 0);
}
1192
/*
 * Ask OpenSSL whether a DES key is one of the known weak keys.
 * Returns the verdict of DES_is_weak_key() (des_is_weak_key() with the old
 * API).
 * NOTE(review): the length of key is not checked here; the buffer is
 * assumed to hold a full DES key, so callers must validate it first.
 */
int
eay_des_weakkey(vchar_t *key)
{
	void *raw = (void *)key->v;

#ifdef USE_NEW_DES_API
	return DES_is_weak_key(raw);
#else
	return des_is_weak_key(raw);
#endif
}
1202
/*
 * Validate a DES key length in bits; see evp_keylen() for the contract.
 */
int
eay_des_keylen(int len)
{
	const EVP_CIPHER *cipher = EVP_des_cbc();

	return evp_keylen(len, cipher);
}
1208
1209 #ifdef HAVE_OPENSSL_IDEA_H
1210 /*
1211 * IDEA-CBC
1212 */
/*
 * Encrypt data with IDEA in CBC mode.
 *
 * data: plaintext; key: IDEA key; iv: initialisation vector.
 *
 * Returns a newly allocated buffer of data->l bytes (the caller frees it
 * with vfree()), or NULL when the buffer cannot be allocated.
 */
vchar_t *
eay_idea_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	IDEA_KEY_SCHEDULE sched;
	vchar_t *out;

	idea_set_encrypt_key((unsigned char *)key->v, &sched);

	/* allocate buffer for result */
	out = vmalloc(data->l);
	if (out == NULL)
		return NULL;

	/* encrypt data */
	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)out->v,
	    data->l, &sched, (unsigned char *)iv->v, IDEA_ENCRYPT);

	return out;
}
1231
/*
 * Decrypt data with IDEA in CBC mode.
 *
 * data: ciphertext; key: IDEA key; iv: initialisation vector.
 *
 * The decryption schedule is derived from the encryption schedule.
 * Returns a newly allocated buffer of data->l bytes (the caller frees it
 * with vfree()), or NULL when the buffer cannot be allocated.
 */
vchar_t *
eay_idea_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	IDEA_KEY_SCHEDULE enc_sched, dec_sched;
	vchar_t *out;

	idea_set_encrypt_key((unsigned char *)key->v, &enc_sched);
	idea_set_decrypt_key(&enc_sched, &dec_sched);

	/* allocate buffer for result */
	out = vmalloc(data->l);
	if (out == NULL)
		return NULL;

	/* decrypt data */
	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)out->v,
	    data->l, &dec_sched, (unsigned char *)iv->v, IDEA_DECRYPT);

	return out;
}
1251
/*
 * Weak-key test for IDEA.
 * XXX no screening is implemented: the key is ignored and always reported
 * as not weak (0).
 */
int
eay_idea_weakkey(vchar_t *key __unused)
{
	const int not_weak = 0;	/* XXX */

	return not_weak;
}
1257
/*
 * Validate an IDEA key length in bits.
 * 0 selects the default; the only accepted length is 128.
 * Returns 128, or -1 for any other length.
 */
int
eay_idea_keylen(int len)
{
	const int idea_bits = 128;

	if (len == 0 || len == idea_bits)
		return idea_bits;

	return -1;
}
1265 #endif
1266
1267 /*
1268 * BLOWFISH-CBC
1269 */
/*
 * Encrypt data with Blowfish in CBC mode through evp_crypt(), which sets
 * the key length from key->l for this cipher.
 * Returns the ciphertext or NULL on error.
 */
vchar_t *
eay_bf_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_bf_cbc();

	return evp_crypt(data, key, iv, cipher, 1);
}
1275
/*
 * Decrypt data with Blowfish in CBC mode through evp_crypt(), which sets
 * the key length from key->l for this cipher.
 * Returns the plaintext or NULL on error.
 */
vchar_t *
eay_bf_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_bf_cbc();

	return evp_crypt(data, key, iv, cipher, 0);
}
1281
/*
 * Weak-key test for Blowfish.
 * XXX to be done, refer to RFC 2451: the key is ignored and always
 * reported as not weak (0).
 */
int
eay_bf_weakkey(vchar_t *key __unused)
{
	const int not_weak = 0;

	return not_weak;
}
1287
/*
 * Validate a Blowfish key length in bits.
 * 0 selects the default of 448; otherwise 40 to 448 bits are accepted.
 * Returns the length to use, or -1 when len is out of range.
 */
int
eay_bf_keylen(int len)
{
	switch (len) {
	case 0:
		return 448;
	default:
		return (len >= 40 && len <= 448) ? len : -1;
	}
}
1297
1298 #ifdef HAVE_OPENSSL_RC5_H
1299 /*
1300 * RC5-CBC
1301 */
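/*
 * RC5-CBC encryption with a fixed 16 rounds.
 *
 * Returns a newly allocated vchar_t of data->l bytes, or NULL if the
 * allocation fails.  The definition previously carried a leftover K&R
 * parameter declaration after the prototype-style parameter list, which
 * does not compile once HAVE_OPENSSL_RC5_H is defined; it is removed here.
 */
vchar_t *
eay_rc5_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	vchar_t *res;
	RC5_32_KEY ks;

	/* in RFC 2451, there is information about the number of round. */
	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);

	/* allocate buffer for result */
	if ((res = vmalloc(data->l)) == NULL)
		return NULL;

	/* encrypt data */
	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v,
	    data->l, &ks, (unsigned char *)iv->v, RC5_ENCRYPT);

	return res;
}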
1322
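/*
 * RC5-CBC decryption with a fixed 16 rounds.
 *
 * Returns a newly allocated vchar_t of data->l bytes, or NULL if the
 * allocation fails.  The definition previously carried a leftover K&R
 * parameter declaration after the prototype-style parameter list, which
 * does not compile once HAVE_OPENSSL_RC5_H is defined; it is removed here.
 */
vchar_t *
eay_rc5_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	vchar_t *res;
	RC5_32_KEY ks;

	/* in RFC 2451, there is information about the number of round. */
	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);

	/* allocate buffer for result */
	if ((res = vmalloc(data->l)) == NULL)
		return NULL;

	/* decrypt data */
	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v,
	    data->l, &ks, (unsigned char *)iv->v, RC5_DECRYPT);

	return res;
}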
1343
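/*
 * Weak-key test for RC5; always reports "not weak".
 * The stray K&R parameter declaration that followed the prototype-style
 * parameter list (a compile error) is removed.
 */
int
eay_rc5_weakkey(vchar_t *key)
{
	(void)key;
	return 0;	/* No known weak keys when used with 16 rounds. */
}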
1351
1352 int
eay_rc5_keylen(len)1353 eay_rc5_keylen(len)
1354 int len;
1355 {
1356 if (len == 0)
1357 return 128;
1358 if (len < 40 || len > 2040)
1359 return -1;
1360 return len;
1361 }
1362 #endif
1363
1364 /*
1365 * 3DES-CBC
1366 */
/*
 * 3DES (EDE3) CBC through evp_crypt() with direction flag 1
 * (presumably "encrypt"; evp_crypt() is defined outside this view).
 */
vchar_t *
eay_3des_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_des_ede3_cbc();

	return evp_crypt(data, key, iv, cipher, 1);
}
1372
/*
 * 3DES (EDE3) CBC through evp_crypt() with direction flag 0
 * (presumably "decrypt"; evp_crypt() is defined outside this view).
 */
vchar_t *
eay_3des_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_des_ede3_cbc();

	return evp_crypt(data, key, iv, cipher, 0);
}
1378
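/*
 * Report whether any of the three 8-byte DES subkeys of a 3DES key is a
 * known weak DES key.
 *
 * Returns non-zero if a subkey is weak, 0 otherwise.  A key shorter than
 * 24 bytes is reported as "not weak" without being inspected; the length
 * test used to exist only in the old-API branch, so the new-API branch
 * could read past the end of a short key buffer.
 */
int
eay_3des_weakkey(vchar_t *key)
{
	/* three 8-byte subkeys are read below; never look past key->l */
	if (key->l < 24)
		return 0;

#ifdef USE_NEW_DES_API
	return (DES_is_weak_key((void *)key->v) ||
	    DES_is_weak_key((void *)(key->v + 8)) ||
	    DES_is_weak_key((void *)(key->v + 16)));
#else
	return (des_is_weak_key((void *)key->v) ||
	    des_is_weak_key((void *)(key->v + 8)) ||
	    des_is_weak_key((void *)(key->v + 16)));
#endif
}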
1395
/*
 * Validate a 3DES key length given in bits.
 * 0 selects the default; only 192 is accepted.  Returns 192 or -1.
 */
int
eay_3des_keylen(int len)
{
	return (len == 0 || len == 192) ? 192 : -1;
}
1403
1404 /*
1405 * CAST-CBC
1406 */
/*
 * CAST5-CBC through evp_crypt() with direction flag 1
 * (presumably "encrypt"; evp_crypt() is defined outside this view).
 */
vchar_t *
eay_cast_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_cast5_cbc();

	return evp_crypt(data, key, iv, cipher, 1);
}
1412
/*
 * CAST5-CBC through evp_crypt() with direction flag 0
 * (presumably "decrypt"; evp_crypt() is defined outside this view).
 */
vchar_t *
eay_cast_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = EVP_cast5_cbc();

	return evp_crypt(data, key, iv, cipher, 0);
}
1418
1419 /*ARGSUSED*/
/* Weak-key test for CAST: the key is not inspected. */
int
eay_cast_weakkey(vchar_t *key __unused)
{
	/* No known weak keys. */
	return 0;
}
1425
/*
 * Validate a CAST key length given in bits.
 * 0 selects the default of 128; 40..128 is returned unchanged; else -1.
 */
int
eay_cast_keylen(int len)
{
	if (len == 0)
		return 128;
	return (len >= 40 && len <= 128) ? len : -1;
}
1435
1436 /*
1437 * AES(RIJNDAEL)-CBC
1438 */
1439 #ifndef HAVE_OPENSSL_AES_H
/*
 * AES-CBC encryption using the bundled rijndael implementation (built
 * only when HAVE_OPENSSL_AES_H is not defined).
 *
 * Both lengths are passed shifted left by 3, i.e. presumably converted
 * from bytes to bits.  Returns a new vchar_t of data->l bytes, or NULL on
 * key setup, allocation, cipher init or encryption failure.
 */
vchar_t *
eay_aes_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	keyInstance k;
	cipherInstance c;
	vchar_t *out;

	memset(&k, 0, sizeof(k));
	if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
		return NULL;

	out = vmalloc(data->l);
	if (out == NULL)
		return NULL;

	/* init first, then encrypt; either failure releases the buffer */
	memset(&c, 0, sizeof(c));
	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0 ||
	    rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, out->v) < 0) {
		vfree(out);
		return NULL;
	}

	return out;
}
1468
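/*
 * AES-CBC decryption using the bundled rijndael implementation (built
 * only when HAVE_OPENSSL_AES_H is not defined).
 *
 * Returns a new vchar_t of data->l bytes, or NULL on key setup,
 * allocation, cipher init or decryption failure.  The leftover K&R
 * parameter declaration that followed the prototype-style parameter list
 * (a compile error in this configuration) is removed.
 */
vchar_t *
eay_aes_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	vchar_t *res;
	keyInstance k;
	cipherInstance c;

	/* lengths are shifted left by 3: presumably bytes to bits */
	memset(&k, 0, sizeof(k));
	if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
		return NULL;

	/* allocate buffer for result */
	if ((res = vmalloc(data->l)) == NULL)
		return NULL;

	/* decrypt data */
	memset(&c, 0, sizeof(c));
	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0) {
		vfree(res);
		return NULL;
	}
	if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0) {
		vfree(res);
		return NULL;
	}

	return res;
}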
1498 #else
/*
 * Map a key length to the matching AES-CBC EVP cipher.
 * The length is accepted either as 16/24/32 or as 128/192/256; any other
 * value yields NULL.
 */
static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)
{
	if (keylen == 16 || keylen == 128)
		return EVP_aes_128_cbc();
	if (keylen == 24 || keylen == 192)
		return EVP_aes_192_cbc();
	if (keylen == 32 || keylen == 256)
		return EVP_aes_256_cbc();
	return NULL;
}
1516
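/*
 * AES-CBC through evp_crypt() with direction flag 1.
 *
 * Returns what evp_crypt() returns, or NULL when key->l does not select
 * an AES variant; previously the NULL cipher was passed on to evp_crypt(),
 * which is defined outside this view.
 */
vchar_t *
eay_aes_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = aes_evp_by_keylen(key->l);

	/* unsupported key length: there is no cipher to run */
	if (cipher == NULL)
		return NULL;

	return evp_crypt(data, key, iv, cipher, 1);
}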
1522
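/*
 * AES-CBC through evp_crypt() with direction flag 0.
 *
 * Returns what evp_crypt() returns, or NULL when key->l does not select
 * an AES variant; previously the NULL cipher was passed on to evp_crypt(),
 * which is defined outside this view.
 */
vchar_t *
eay_aes_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = aes_evp_by_keylen(key->l);

	/* unsupported key length: there is no cipher to run */
	if (cipher == NULL)
		return NULL;

	return evp_crypt(data, key, iv, cipher, 0);
}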
1528 #endif
1529
1530 /*ARGSUSED*/
/* Weak-key test for AES: the key is not inspected, 0 is always returned. */
int
eay_aes_weakkey(vchar_t *key __unused)
{
	return (0);
}
1536
/*
 * Validate an AES key length given in bits.
 * 0 selects the default of 128; 128, 192 and 256 are returned unchanged;
 * anything else gives -1.
 */
int
eay_aes_keylen(int len)
{
	switch (len) {
	case 0:
		return 128;
	case 128:
	case 192:
	case 256:
		return len;
	default:
		return -1;
	}
}
1546
/*
 * Size in bits of the keying material for AES-GCM-ESP.
 *
 * RFC 4106: the KEYMAT is four octets longer than the AES key itself.
 * The leading 16/24/32 octets are the 128/192/256-bit AES key and the
 * trailing four octets are the salt used in the nonce, giving 20, 28 or
 * 36 octets.
 *
 * len is the AES key size in bits, 0 meaning the default of 128.
 * Returns len plus 32 salt bits, or -1 for an unsupported key size.
 */
int
eay_aesgcm_keylen(int len)
{
	int keybits = (len == 0) ? 128 : len;

	switch (keybits) {
	case 128:
	case 192:
	case 256:
		return keybits + 32;
	default:
		return -1;
	}
}
1578
1579 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1580 /*
1581 * CAMELLIA-CBC
1582 */
/*
 * Map a key length to the matching Camellia-CBC EVP cipher.
 * The length is accepted either as 16/24/32 or as 128/192/256; any other
 * value yields NULL.
 */
static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)
{
	if (keylen == 16 || keylen == 128)
		return EVP_camellia_128_cbc();
	if (keylen == 24 || keylen == 192)
		return EVP_camellia_192_cbc();
	if (keylen == 32 || keylen == 256)
		return EVP_camellia_256_cbc();
	return NULL;
}
1600
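/*
 * Camellia-CBC through evp_crypt() with direction flag 1.
 *
 * Returns what evp_crypt() returns, or NULL when key->l does not select a
 * Camellia variant; previously the NULL cipher was passed on to
 * evp_crypt(), which is defined outside this view.
 */
vchar_t *
eay_camellia_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = camellia_evp_by_keylen(key->l);

	/* unsupported key length: there is no cipher to run */
	if (cipher == NULL)
		return NULL;

	return evp_crypt(data, key, iv, cipher, 1);
}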
1606
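/*
 * Camellia-CBC through evp_crypt() with direction flag 0.
 *
 * Returns what evp_crypt() returns, or NULL when key->l does not select a
 * Camellia variant; previously the NULL cipher was passed on to
 * evp_crypt(), which is defined outside this view.
 */
vchar_t *
eay_camellia_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
{
	const EVP_CIPHER *cipher = camellia_evp_by_keylen(key->l);

	/* unsupported key length: there is no cipher to run */
	if (cipher == NULL)
		return NULL;

	return evp_crypt(data, key, iv, cipher, 0);
}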
1612
/* Weak-key test for Camellia: the key is not inspected, 0 is always returned. */
int
eay_camellia_weakkey(vchar_t *key)
{
	return (0);
}
1618
/*
 * Validate a Camellia key length given in bits.
 * 0 selects the default of 128; 128, 192 and 256 are returned unchanged;
 * anything else gives -1.
 */
int
eay_camellia_keylen(int len)
{
	switch (len) {
	case 0:
		return 128;
	case 128:
	case 192:
	case 256:
		return len;
	default:
		return -1;
	}
}
1628
1629 #endif
1630
1631 /* for ipsec part */
/* Hash length reported for the null algorithm: always 0. */
int
eay_null_hashlen(void)
{
	return (0);
}
1637
/* Hash length reported for KPDK: always 0. */
int
eay_kpdk_hashlen(void)
{
	return (0);
}
1643
/*
 * Validate a Twofish key length: 0..256 is returned unchanged (0 is not
 * mapped to a default here), anything else gives -1.
 */
int
eay_twofish_keylen(int len)
{
	return (len >= 0 && len <= 256) ? len : -1;
}
1651
1652 /*ARGSUSED*/
/* Key length for the null cipher: the argument is ignored, 0 is returned. */
int
eay_null_keylen(int len __unused)
{
	return (0);
}
1658
1659 /*
1660 * HMAC functions
1661 */
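/*
 * Create an HMAC context keyed with key->v / key->l for digest md.
 *
 * Returns the context as an opaque caddr_t, or NULL if the context cannot
 * be allocated or keyed.  Both results used to go unchecked, so a failed
 * allocation was dereferenced and a failed HMAC_Init_ex() handed out an
 * unkeyed context.  The *_update and *_final wrappers in this file pass
 * the context to OpenSSL without a NULL test, so callers must check.
 */
static caddr_t
eay_hmac_init(vchar_t *key, const EVP_MD *md)
{
	HMAC_CTX *c = HMAC_CTX_new();

	if (c == NULL)
		return NULL;

	if (!HMAC_Init_ex(c, key->v, key->l, md, NULL)) {
		HMAC_CTX_free(c);
		return NULL;
	}

	return (caddr_t)c;
}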
1671
/*
 * One-shot HMAC of data under key with digest `type`.
 * Returns a new vchar_t sized by EVP_MD_size(type), or NULL when the
 * allocation or HMAC() fails.
 */
static vchar_t *
eay_hmac_one(vchar_t *key, vchar_t *data, const EVP_MD *type)
{
	vchar_t *mac = vmalloc(EVP_MD_size(type));

	if (mac == NULL)
		return NULL;

	if (HMAC(type, (void *) key->v, key->l,
	    (void *) data->v, data->l, (void *) mac->v, NULL))
		return mac;

	vfree(mac);
	return NULL;
}
1687
/*
 * One-shot digest of data with digest `type`.
 * Returns a new vchar_t sized by EVP_MD_size(type), or NULL when the
 * allocation or EVP_Digest() fails.
 */
static vchar_t *
eay_digest_one(vchar_t *data, const EVP_MD *type)
{
	vchar_t *md = vmalloc(EVP_MD_size(type));

	if (md == NULL)
		return NULL;

	if (EVP_Digest((void *) data->v, data->l,
	    (void *) md->v, NULL, type, NULL))
		return md;

	vfree(md);
	return NULL;
}
1703
1704 #ifdef WITH_SHA2
1705 /*
1706 * HMAC SHA2-512
1707 */
/* One-shot HMAC-SHA2-512; see eay_hmac_one() for the result contract. */
vchar_t *
eay_hmacsha2_512_one(vchar_t *key, vchar_t *data)
{
	const EVP_MD *md = EVP_sha2_512();

	return eay_hmac_one(key, data, md);
}
1713
/* Start an incremental HMAC-SHA2-512; returns what eay_hmac_init() returns. */
caddr_t
eay_hmacsha2_512_init(vchar_t *key)
{
	const EVP_MD *md = EVP_sha2_512();

	return eay_hmac_init(key, md);
}
1719
/*
 * Feed data->l bytes into the HMAC context c.
 * HMAC_Update()'s status is not reported: the function returns void.
 */
void
eay_hmacsha2_512_update(caddr_t c, vchar_t *data)
{
	HMAC_CTX *ctx = (HMAC_CTX *)c;

	HMAC_Update(ctx, (unsigned char *) data->v, data->l);
}
1725
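/*
 * Finish an incremental HMAC-SHA2-512 and release the context.
 *
 * Returns a new vchar_t of SHA512_DIGEST_LENGTH bytes, or NULL on
 * allocation failure, HMAC_Final() failure or a length mismatch.
 * HMAC_Final()'s result used to be ignored, leaving the length variable
 * uninitialized when it failed.
 */
vchar_t *
eay_hmacsha2_512_final(caddr_t cv)
{
	vchar_t *res;
	HMAC_CTX *c = (HMAC_CTX *)cv;
	unsigned int l = 0;
	int ok;

	/* NOTE(review): the context is not released on this path */
	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
		return NULL;

	ok = HMAC_Final(c, (unsigned char *) res->v, &l);
	HMAC_CTX_free(c);

	if (!ok) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_512 final failed.\n");
		vfree(res);
		return NULL;
	}
	res->l = l;

	if (SHA512_DIGEST_LENGTH != res->l) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_512 length mismatch %zd.\n", res->l);
		vfree(res);
		return NULL;
	}

	return(res);
}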
1749
1750 /*
1751 * HMAC SHA2-384
1752 */
/* One-shot HMAC-SHA2-384; see eay_hmac_one() for the result contract. */
vchar_t *
eay_hmacsha2_384_one(vchar_t *key, vchar_t *data)
{
	const EVP_MD *md = EVP_sha2_384();

	return eay_hmac_one(key, data, md);
}
1758
/* Start an incremental HMAC-SHA2-384; returns what eay_hmac_init() returns. */
caddr_t
eay_hmacsha2_384_init(vchar_t *key)
{
	const EVP_MD *md = EVP_sha2_384();

	return eay_hmac_init(key, md);
}
1764
/*
 * Feed data->l bytes into the HMAC context c.
 * HMAC_Update()'s status is not reported: the function returns void.
 */
void
eay_hmacsha2_384_update(caddr_t c, vchar_t *data)
{
	HMAC_CTX *ctx = (HMAC_CTX *)c;

	HMAC_Update(ctx, (unsigned char *) data->v, data->l);
}
1770
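/*
 * Finish an incremental HMAC-SHA2-384 and release the context.
 *
 * Returns a new vchar_t of SHA384_DIGEST_LENGTH bytes, or NULL on
 * allocation failure, HMAC_Final() failure or a length mismatch.
 * HMAC_Final()'s result used to be ignored, leaving the length variable
 * uninitialized when it failed.
 */
vchar_t *
eay_hmacsha2_384_final(caddr_t cv)
{
	HMAC_CTX *c = (HMAC_CTX *)cv;
	vchar_t *res;
	unsigned int l = 0;
	int ok;

	/* NOTE(review): the context is not released on this path */
	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
		return NULL;

	ok = HMAC_Final(c, (unsigned char *) res->v, &l);
	HMAC_CTX_free(c);

	if (!ok) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_384 final failed.\n");
		vfree(res);
		return NULL;
	}
	res->l = l;

	if (SHA384_DIGEST_LENGTH != res->l) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_384 length mismatch %zd.\n", res->l);
		vfree(res);
		return NULL;
	}

	return(res);
}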
1794
/*
 * HMAC SHA2-256
 */
/* One-shot HMAC-SHA2-256; see eay_hmac_one() for the result contract. */
vchar_t *
eay_hmacsha2_256_one(vchar_t *key, vchar_t *data)
{
	const EVP_MD *md = EVP_sha2_256();

	return eay_hmac_one(key, data, md);
}
1802
/* Start an incremental HMAC-SHA2-256; returns what eay_hmac_init() returns. */
caddr_t
eay_hmacsha2_256_init(vchar_t *key)
{
	const EVP_MD *md = EVP_sha2_256();

	return eay_hmac_init(key, md);
}
1808
/*
 * Feed data->l bytes into the HMAC context c.
 * HMAC_Update()'s status is not reported: the function returns void.
 */
void
eay_hmacsha2_256_update(caddr_t c, vchar_t *data)
{
	HMAC_CTX *ctx = (HMAC_CTX *)c;

	HMAC_Update(ctx, (unsigned char *) data->v, data->l);
}
1814
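/*
 * Finish an incremental HMAC-SHA2-256 and release the context.
 *
 * Returns a new vchar_t of SHA256_DIGEST_LENGTH bytes, or NULL on
 * allocation failure, HMAC_Final() failure or a length mismatch.
 * HMAC_Final()'s result used to be ignored, leaving the length variable
 * uninitialized when it failed.
 */
vchar_t *
eay_hmacsha2_256_final(caddr_t cv)
{
	HMAC_CTX *c = (HMAC_CTX *)cv;
	vchar_t *res;
	unsigned int l = 0;
	int ok;

	/* NOTE(review): the context is not released on this path */
	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
		return NULL;

	ok = HMAC_Final(c, (unsigned char *) res->v, &l);
	HMAC_CTX_free(c);

	if (!ok) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_256 final failed.\n");
		vfree(res);
		return NULL;
	}
	res->l = l;

	if (SHA256_DIGEST_LENGTH != res->l) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha2_256 length mismatch %zd.\n", res->l);
		vfree(res);
		return NULL;
	}

	return(res);
}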
1838 #endif /* WITH_SHA2 */
1839
1840 /*
1841 * HMAC SHA1
1842 */
/* One-shot HMAC-SHA1; see eay_hmac_one() for the result contract. */
vchar_t *
eay_hmacsha1_one(vchar_t *key, vchar_t *data)
{
	const EVP_MD *md = EVP_sha1();

	return eay_hmac_one(key, data, md);
}
1848
/* Start an incremental HMAC-SHA1; returns what eay_hmac_init() returns. */
caddr_t
eay_hmacsha1_init(vchar_t *key)
{
	const EVP_MD *md = EVP_sha1();

	return eay_hmac_init(key, md);
}
1854
/*
 * Feed data->l bytes into the HMAC context c.
 * HMAC_Update()'s status is not reported: the function returns void.
 */
void
eay_hmacsha1_update(caddr_t c, vchar_t *data)
{
	HMAC_CTX *ctx = (HMAC_CTX *)c;

	HMAC_Update(ctx, (unsigned char *) data->v, data->l);
}
1860
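/*
 * Finish an incremental HMAC-SHA1 and release the context.
 *
 * Returns a new vchar_t of SHA_DIGEST_LENGTH bytes, or NULL on allocation
 * failure, HMAC_Final() failure or a length mismatch.  HMAC_Final()'s
 * result used to be ignored, leaving the length variable uninitialized
 * when it failed.
 */
vchar_t *
eay_hmacsha1_final(caddr_t cv)
{
	HMAC_CTX *c = (HMAC_CTX *)cv;
	vchar_t *res;
	unsigned int l = 0;
	int ok;

	/* NOTE(review): the context is not released on this path */
	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
		return NULL;

	ok = HMAC_Final(c, (unsigned char *) res->v, &l);
	HMAC_CTX_free(c);

	if (!ok) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha1 final failed.\n");
		vfree(res);
		return NULL;
	}
	res->l = l;

	if (SHA_DIGEST_LENGTH != res->l) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac sha1 length mismatch %zd.\n", res->l);
		vfree(res);
		return NULL;
	}

	return(res);
}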
1884
1885 /*
1886 * HMAC MD5
1887 */
/* One-shot HMAC-MD5; see eay_hmac_one() for the result contract. */
vchar_t *
eay_hmacmd5_one(vchar_t *key, vchar_t *data)
{
	const EVP_MD *md = EVP_md5();

	return eay_hmac_one(key, data, md);
}
1893
/* Start an incremental HMAC-MD5; returns what eay_hmac_init() returns. */
caddr_t
eay_hmacmd5_init(vchar_t *key)
{
	const EVP_MD *md = EVP_md5();

	return eay_hmac_init(key, md);
}
1899
/*
 * Feed data->l bytes into the HMAC context c.
 * HMAC_Update()'s status is not reported: the function returns void.
 */
void
eay_hmacmd5_update(caddr_t c, vchar_t *data)
{
	HMAC_CTX *ctx = (HMAC_CTX *)c;

	HMAC_Update(ctx, (unsigned char *) data->v, data->l);
}
1905
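/*
 * Finish an incremental HMAC-MD5 and release the context.
 *
 * Returns a new vchar_t of MD5_DIGEST_LENGTH bytes, or NULL on allocation
 * failure, HMAC_Final() failure or a length mismatch.  HMAC_Final()'s
 * result used to be ignored, leaving the length variable uninitialized
 * when it failed.
 */
vchar_t *
eay_hmacmd5_final(caddr_t cv)
{
	HMAC_CTX *c = (HMAC_CTX *)cv;
	vchar_t *res;
	unsigned int l = 0;
	int ok;

	/* NOTE(review): the context is not released on this path */
	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
		return NULL;

	ok = HMAC_Final(c, (unsigned char *) res->v, &l);
	HMAC_CTX_free(c);

	if (!ok) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac md5 final failed.\n");
		vfree(res);
		return NULL;
	}
	res->l = l;

	if (MD5_DIGEST_LENGTH != res->l) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "hmac md5 length mismatch %zd.\n", res->l);
		vfree(res);
		return NULL;
	}

	return(res);
}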
1929
1930 #ifdef WITH_SHA2
1931 /*
1932 * SHA2-512 functions
1933 */
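/*
 * Allocate and initialize a SHA-512 context.
 * Returns the context as an opaque caddr_t, or NULL if the allocation
 * fails; the allocation result used to be passed to SHA512_Init()
 * unchecked.
 */
caddr_t
eay_sha2_512_init(void)
{
	SHA512_CTX *c = racoon_malloc(sizeof(*c));

	if (c == NULL)
		return NULL;

	SHA512_Init(c);

	return((caddr_t)c);
}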
1943
/* Feed data->l bytes into the SHA-512 context c. */
void
eay_sha2_512_update(caddr_t c, vchar_t *data)
{
	SHA512_CTX *ctx = (SHA512_CTX *)c;

	SHA512_Update(ctx, (unsigned char *) data->v, data->l);
}
1951
/*
 * Finish a SHA-512 computation and free the context.
 * Returns a new vchar_t of SHA512_DIGEST_LENGTH bytes, or NULL (0) if the
 * result buffer cannot be allocated.
 */
vchar_t *
eay_sha2_512_final(caddr_t c)
{
	vchar_t *digest = vmalloc(SHA512_DIGEST_LENGTH);

	/* NOTE(review): c is not freed on this path */
	if (digest == 0)
		return(0);

	SHA512_Final((unsigned char *) digest->v, (SHA512_CTX *)c);
	(void)racoon_free(c);

	return(digest);
}
1965
/* One-shot SHA-512; see eay_digest_one() for the result contract. */
vchar_t *
eay_sha2_512_one(vchar_t *data)
{
	const EVP_MD *md = EVP_sha512();

	return eay_digest_one(data, md);
}
1971
/* SHA-512 digest length in bits (SHA512_DIGEST_LENGTH times 8). */
int
eay_sha2_512_hashlen(void)
{
	return (SHA512_DIGEST_LENGTH * 8);
}
1977 #endif
1978
1979 #ifdef WITH_SHA2
1980 /*
1981 * SHA2-384 functions
1982 */
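/*
 * Allocate and initialize a SHA-384 context.
 * Returns the context as an opaque caddr_t, or NULL if the allocation
 * fails; the allocation result used to be passed to SHA384_Init()
 * unchecked.
 */
caddr_t
eay_sha2_384_init(void)
{
	SHA384_CTX *c = racoon_malloc(sizeof(*c));

	if (c == NULL)
		return NULL;

	SHA384_Init(c);

	return((caddr_t)c);
}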
1992
/* Feed data->l bytes into the SHA-384 context c. */
void
eay_sha2_384_update(caddr_t c, vchar_t *data)
{
	SHA384_CTX *ctx = (SHA384_CTX *)c;

	SHA384_Update(ctx, (unsigned char *) data->v, data->l);
}
2000
/*
 * Finish a SHA-384 computation and free the context.
 * Returns a new vchar_t of SHA384_DIGEST_LENGTH bytes, or NULL (0) if the
 * result buffer cannot be allocated.
 */
vchar_t *
eay_sha2_384_final(caddr_t c)
{
	vchar_t *digest = vmalloc(SHA384_DIGEST_LENGTH);

	/* NOTE(review): c is not freed on this path */
	if (digest == 0)
		return(0);

	SHA384_Final((unsigned char *) digest->v, (SHA384_CTX *)c);
	(void)racoon_free(c);

	return(digest);
}
2014
/* One-shot SHA-384; see eay_digest_one() for the result contract. */
vchar_t *
eay_sha2_384_one(vchar_t *data)
{
	const EVP_MD *md = EVP_sha2_384();

	return eay_digest_one(data, md);
}
2020
/* SHA-384 digest length in bits (SHA384_DIGEST_LENGTH times 8). */
int
eay_sha2_384_hashlen(void)
{
	return (SHA384_DIGEST_LENGTH * 8);
}
2026 #endif
2027
2028 #ifdef WITH_SHA2
2029 /*
2030 * SHA2-256 functions
2031 */
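/*
 * Allocate and initialize a SHA-256 context.
 * Returns the context as an opaque caddr_t, or NULL if the allocation
 * fails; the allocation result used to be passed to SHA256_Init()
 * unchecked.
 */
caddr_t
eay_sha2_256_init(void)
{
	SHA256_CTX *c = racoon_malloc(sizeof(*c));

	if (c == NULL)
		return NULL;

	SHA256_Init(c);

	return((caddr_t)c);
}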
2041
/* Feed data->l bytes into the SHA-256 context c. */
void
eay_sha2_256_update(caddr_t c, vchar_t *data)
{
	SHA256_CTX *ctx = (SHA256_CTX *)c;

	SHA256_Update(ctx, (unsigned char *) data->v, data->l);
}
2049
/*
 * Finish a SHA-256 computation and free the context.
 * Returns a new vchar_t of SHA256_DIGEST_LENGTH bytes, or NULL (0) if the
 * result buffer cannot be allocated.
 */
vchar_t *
eay_sha2_256_final(caddr_t c)
{
	vchar_t *digest = vmalloc(SHA256_DIGEST_LENGTH);

	/* NOTE(review): c is not freed on this path */
	if (digest == 0)
		return(0);

	SHA256_Final((unsigned char *) digest->v, (SHA256_CTX *)c);
	(void)racoon_free(c);

	return(digest);
}
2063
/* One-shot SHA-256; see eay_digest_one() for the result contract. */
vchar_t *
eay_sha2_256_one(vchar_t *data)
{
	const EVP_MD *md = EVP_sha2_256();

	return eay_digest_one(data, md);
}
2069
/* SHA-256 digest length in bits (SHA256_DIGEST_LENGTH times 8). */
int
eay_sha2_256_hashlen(void)
{
	return (SHA256_DIGEST_LENGTH * 8);
}
2075 #endif
2076
2077 /*
2078 * SHA functions
2079 */
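/*
 * Allocate and initialize a SHA-1 context.
 * Returns the context as an opaque caddr_t, or NULL if the allocation
 * fails; the allocation result used to be passed to SHA1_Init() unchecked.
 */
caddr_t
eay_sha1_init(void)
{
	SHA_CTX *c = racoon_malloc(sizeof(*c));

	if (c == NULL)
		return NULL;

	SHA1_Init(c);

	return((caddr_t)c);
}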
2089
/* Feed data->l bytes into the SHA-1 context c. */
void
eay_sha1_update(caddr_t c, vchar_t *data)
{
	SHA_CTX *ctx = (SHA_CTX *)c;

	SHA1_Update(ctx, data->v, data->l);
}
2097
/*
 * Finish a SHA-1 computation and free the context.
 * Returns a new vchar_t of SHA_DIGEST_LENGTH bytes, or NULL (0) if the
 * result buffer cannot be allocated.
 */
vchar_t *
eay_sha1_final(caddr_t c)
{
	vchar_t *digest = vmalloc(SHA_DIGEST_LENGTH);

	/* NOTE(review): c is not freed on this path */
	if (digest == 0)
		return(0);

	SHA1_Final((unsigned char *) digest->v, (SHA_CTX *)c);
	(void)racoon_free(c);

	return(digest);
}
2111
/* One-shot SHA-1; see eay_digest_one() for the result contract. */
vchar_t *
eay_sha1_one(vchar_t *data)
{
	const EVP_MD *md = EVP_sha1();

	return eay_digest_one(data, md);
}
2117
/* SHA-1 digest length in bits (SHA_DIGEST_LENGTH times 8). */
int
eay_sha1_hashlen(void)
{
	return (SHA_DIGEST_LENGTH * 8);
}
2123
2124 /*
2125 * MD5 functions
2126 */
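/*
 * Allocate and initialize an MD5 context.
 * Returns the context as an opaque caddr_t, or NULL if the allocation
 * fails; the allocation result used to be passed to MD5_Init() unchecked.
 */
caddr_t
eay_md5_init(void)
{
	MD5_CTX *c = racoon_malloc(sizeof(*c));

	if (c == NULL)
		return NULL;

	MD5_Init(c);

	return((caddr_t)c);
}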
2136
/* Feed data->l bytes into the MD5 context c. */
void
eay_md5_update(caddr_t c, vchar_t *data)
{
	MD5_CTX *ctx = (MD5_CTX *)c;

	MD5_Update(ctx, data->v, data->l);
}
2144
/*
 * Finish an MD5 computation and free the context.
 * Returns a new vchar_t of MD5_DIGEST_LENGTH bytes, or NULL (0) if the
 * result buffer cannot be allocated.
 */
vchar_t *
eay_md5_final(caddr_t c)
{
	vchar_t *digest = vmalloc(MD5_DIGEST_LENGTH);

	/* NOTE(review): c is not freed on this path */
	if (digest == 0)
		return(0);

	MD5_Final((unsigned char *) digest->v, (MD5_CTX *)c);
	(void)racoon_free(c);

	return(digest);
}
2158
/* One-shot MD5; see eay_digest_one() for the result contract. */
vchar_t *
eay_md5_one(vchar_t *data)
{
	const EVP_MD *md = EVP_md5();

	return eay_digest_one(data, md);
}
2164
/* MD5 digest length in bits (MD5_DIGEST_LENGTH times 8). */
int
eay_md5_hashlen(void)
{
	return (MD5_DIGEST_LENGTH * 8);
}
2170
2171 /*
2172 * eay_set_random
2173 * size: number of bytes.
2174 */
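/*
 * Produce `size` bytes of random data as a new vchar_t.
 *
 * Returns NULL if size is too large for BN_rand()'s int bit count, if a
 * BIGNUM cannot be allocated, if BN_rand() fails, or if the conversion to
 * a vchar_t fails.  BN_rand()'s result used to be ignored, so a generator
 * failure was converted and returned as if it were random data.
 */
vchar_t *
eay_set_random(uint32_t size)
{
	BIGNUM *r = NULL;
	vchar_t *res = NULL;

	/* size * 8 must fit the int bit count BN_rand() takes */
	if (size > INT_MAX / 8)
		goto end;

	if ((r = BN_new()) == NULL)
		goto end;

	/*
	 * top = 0 (BN_RAND_TOP_ONE) makes OpenSSL set the most significant
	 * bit, so the number always has size * 8 bits; bottom = 0 leaves the
	 * low bit random.
	 */
	if (!BN_rand(r, (int)(size * 8), 0, 0))
		goto end;

	/* eay_bn2v() leaves res NULL when its allocation fails */
	if (eay_bn2v(&res, r) < 0)
		res = NULL;

end:
	BN_free(r);
	return(res);
}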
2191
2192 /* DH */
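/*
 * Generate a Diffie-Hellman key pair for the group (prime, ig).
 *
 * prime:  group modulus, big-endian bytes
 * ig:     generator
 * publen: when non-zero, passed unchanged to DH_set_length()
 * pub:    receives a new vchar_t holding the public value
 * priv:   receives a new vchar_t holding the private value
 *
 * Returns 0 on success, -1 on failure.  When converting the private value
 * fails, *pub is freed and now also reset to NULL so the caller is not
 * left with a dangling pointer.
 */
int
eay_dh_generate(vchar_t *prime, uint32_t ig, u_int publen, vchar_t **pub,
    vchar_t **priv)
{
	BIGNUM *p = NULL, *g = NULL;
	const BIGNUM *pub_key, *priv_key;
	DH *dh = NULL;
	int error = -1;

	/* initialize */
	/* pre-process to generate number */
	if (eay_v2bn(&p, prime) < 0)
		goto end;

	if ((dh = DH_new()) == NULL)
		goto end;
	if ((g = BN_new()) == NULL)
		goto end;
	if (!BN_set_word(g, ig))
		goto end;
	if (!DH_set0_pqg(dh, p, NULL, g))
		goto end;
	/* dh owns p and g from here on; do not free them again below */
	p = g = NULL;

	if (publen != 0)
		DH_set_length(dh, publen);

	/* generate public and private number */
	if (!DH_generate_key(dh))
		goto end;

	DH_get0_key(dh, &pub_key, &priv_key);

	/* copy results to buffers */
	if (eay_bn2v(pub, __UNCONST(pub_key)) < 0)
		goto end;
	if (eay_bn2v(priv, __UNCONST(priv_key)) < 0) {
		vfree(*pub);
		*pub = NULL;
		goto end;
	}

	error = 0;

end:
	if (dh != NULL)
		DH_free(dh);
	BN_free(p);
	BN_free(g);
	return(error);
}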
2243
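/*
 * Compute the Diffie-Hellman shared secret.
 *
 * prime, ig: group modulus (big-endian bytes) and generator
 * pub, priv: local public and private values
 * pub2:      the peer's public value
 * key:       *key must already be allocated with at least prime->l bytes;
 *            the secret is stored right-aligned in the first prime->l
 *            bytes, with the leading pad bytes set to zero
 *
 * Returns 0 on success, -1 on failure.  The size of *key used to be taken
 * on trust and the pad bytes were left as the caller had them.
 */
int
eay_dh_compute(vchar_t *prime, uint32_t ig, vchar_t *pub, vchar_t *priv,
    vchar_t *pub2, vchar_t **key)
{
	BIGNUM *dh_pub = NULL;
	BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
	DH *dh = NULL;
	int l;
	unsigned char *v = NULL;
	int error = -1;

	/* the result is written into *key below; it must be large enough */
	if (key == NULL || *key == NULL || (*key)->l < prime->l)
		goto end;

	/* make public number to compute */
	if (eay_v2bn(&dh_pub, pub2) < 0)
		goto end;

	/* make DH structure */
	if ((dh = DH_new()) == NULL)
		goto end;
	if (eay_v2bn(&p, prime) < 0)
		goto end;

	if (eay_v2bn(&pub_key, pub) < 0)
		goto end;
	if (eay_v2bn(&priv_key, priv) < 0)
		goto end;

	DH_set_length(dh, pub2->l * 8);

	if ((g = BN_new()) == NULL)
		goto end;
	if (!BN_set_word(g, ig))
		goto end;

	if (!DH_set0_pqg(dh, p, NULL, g))
		goto end;
	/* dh owns p and g now */
	p = g = NULL;

	if (!DH_set0_key(dh, pub_key, priv_key))
		goto end;
	/* dh owns the key pair now */
	pub_key = priv_key = NULL;

	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
		goto end;

	l = DH_compute_key(v, dh_pub, dh);
	if (l < 0 || (size_t)l > prime->l)
		goto end;

	/* left-pad with zeros so the secret is always prime->l bytes long */
	memset((*key)->v, 0, prime->l - l);
	memcpy((*key)->v + (prime->l - l), v, l);

	error = 0;

end:
	BN_free(dh_pub);
	BN_free(pub_key);
	BN_free(priv_key);
	BN_free(p);
	BN_free(g);
	if (dh != NULL)
		DH_free(dh);
	/*
	 * NOTE(review): v holds the shared secret and is released without
	 * being cleared; consider a wipe the compiler cannot elide.
	 */
	if (v != NULL)
		racoon_free(v);
	return error;
}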
2306
2307 /*
2308 * convert vchar_t <-> BIGNUM.
2309 *
2310 * vchar_t: unit is u_char, network endian, most significant byte first.
2311 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2312 * least significant BN_ULONG must come first.
2313 *
2314 * hex value of "0x3ffe050104" is represented as follows:
2315 * vchar_t: 3f fe 05 01 04
2316 * BIGNUM (BN_ULONG = uint8_t): 04 01 05 fe 3f
2317 * BIGNUM (BN_ULONG = uint16_t): 0x0104 0xfe05 0x003f
2318 * BIGNUM (BN_ULONG = uint32_t): 0xfe050104 0x0000003f
2319 */
/*
 * Convert the big-endian bytes of var into a newly allocated BIGNUM
 * stored in *bn.  Returns 0 on success, -1 if BN_bin2bn() fails.
 */
int
eay_v2bn(BIGNUM **bn, vchar_t *var)
{
	*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL);

	return (*bn != NULL) ? 0 : -1;
}
2328
/*
 * Convert bn into a newly allocated vchar_t stored in *var.
 * The buffer is sized with BN_num_bytes() and its length is set to what
 * BN_bn2bin() reports.  Returns 0 on success; on allocation failure *var
 * is NULL and -1 is returned.
 */
int
eay_bn2v(vchar_t **var, BIGNUM *bn)
{
	vchar_t *out = vmalloc(BN_num_bytes(bn));

	*var = out;
	if (out == NULL)
		return(-1);

	out->l = BN_bn2bin(bn, (unsigned char *) out->v);

	return 0;
}
2340
/*
 * One-time OpenSSL setup: register all algorithms and load the error
 * strings; when engine support is compiled in, also load the builtin
 * engines and register them for all their algorithms.
 */
void
eay_init(void)
{
	/* algorithm tables and error strings */
	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();

#ifdef HAVE_OPENSSL_ENGINE_H
	/* optional engine support */
	ENGINE_load_builtin_engines();
	ENGINE_register_all_complete();
#endif
}
2351
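/*
 * Decode inlen bytes of newline-free base64 text.
 *
 * Returns a new vchar_t holding the decoded bytes, or NULL when the input
 * is empty, too long for the int-based BIO API, cannot be decoded, or an
 * allocation fails.  The length used to go unvalidated and the BIO
 * allocations unchecked.
 */
vchar_t *
base64_decode(char *in, long inlen)
{
	BIO *bio = NULL, *b64 = NULL;
	vchar_t *res = NULL;
	char *outb = NULL;
	long outlen;

	/* BIO_new_mem_buf() and BIO_read() take int lengths; inlen is doubled */
	if (in == NULL || inlen <= 0 || inlen > INT_MAX / 2)
		return NULL;

	outb = malloc((size_t)inlen * 2);
	if (outb == NULL)
		goto out;

	bio = BIO_new_mem_buf(in, (int)inlen);
	b64 = BIO_new(BIO_f_base64());
	if (bio == NULL || b64 == NULL) {
		/* the two BIOs are not chained yet; free the filter here */
		if (b64 != NULL)
			BIO_free(b64);
		goto out;
	}
	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
	bio = BIO_push(b64, bio);

	outlen = BIO_read(bio, outb, (int)(inlen * 2));
	if (outlen <= 0) {
		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
		goto out;
	}

	res = vmalloc(outlen);
	if (!res)
		goto out;

	memcpy(res->v, outb, outlen);

out:
	free(outb);
	if (bio)
		BIO_free_all(bio);

	return res;
}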
2388
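/*
 * Encode inlen bytes as base64 text without newlines.
 *
 * Returns a new vchar_t whose buffer holds the encoded text followed by a
 * terminating NUL (the NUL is counted in the allocated length), or NULL on
 * bad arguments, BIO failure or allocation failure.  The BIO allocations
 * and the write/flush results used to go unchecked.
 */
vchar_t *
base64_encode(char *in, long inlen)
{
	BIO *bio = NULL, *b64 = NULL;
	char *ptr = NULL;
	long plen = -1;
	vchar_t *res = NULL;

	/* BIO_write() takes an int length */
	if (inlen < 0 || inlen > INT_MAX || (in == NULL && inlen > 0))
		return NULL;

	bio = BIO_new(BIO_s_mem());
	b64 = BIO_new(BIO_f_base64());
	if (bio == NULL || b64 == NULL) {
		/* the two BIOs are not chained yet; free the filter here */
		if (b64 != NULL)
			BIO_free(b64);
		goto out;
	}
	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
	bio = BIO_push(b64, bio);

	/* a short write or failed flush would yield truncated output */
	if (inlen > 0 && BIO_write(bio, in, (int)inlen) != (int)inlen)
		goto out;
	if (BIO_flush(bio) <= 0)
		goto out;

	plen = BIO_get_mem_data(bio, &ptr);
	if (plen < 0 || (plen > 0 && ptr == NULL))
		goto out;

	res = vmalloc(plen+1);
	if (!res)
		goto out;

	if (plen > 0)
		memcpy(res->v, ptr, plen);
	res->v[plen] = '\0';

out:
	if (bio)
		BIO_free_all(bio);

	return res;
}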
2419
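/*
 * Build an RSA public key from a binary buffer laid out as:
 *   byte 0            length of the public exponent
 *   next <len> bytes  public exponent, big-endian
 *   remaining bytes   modulus, big-endian
 *
 * Returns a new RSA object, or NULL on a malformed buffer or OpenSSL
 * failure.  Fixes over the previous version: an empty buffer is rejected
 * before byte 0 is read, the length byte is read as unsigned, and the
 * modulus BIGNUM is no longer leaked on the error path.
 */
static RSA *
binbuf_pubkey2rsa(vchar_t *binbuf)
{
	BIGNUM *exp = NULL, *mod = NULL;
	RSA *rsa_pub = NULL;
	size_t explen;

	/* the length byte must exist and the exponent must fit after it */
	if (binbuf->l < 1 ||
	    (explen = (unsigned char)binbuf->v[0]) > binbuf->l - 1) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
		goto out;
	}

	exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), explen, NULL);
	mod = BN_bin2bn((unsigned char *) (binbuf->v + explen + 1),
	    binbuf->l - explen - 1, NULL);
	rsa_pub = RSA_new();

	if (!exp || !mod || !rsa_pub) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
		goto out;
	}

	/* on success rsa_pub takes ownership of mod and exp */
	if (!RSA_set0_key(rsa_pub, mod, exp, NULL))
		goto out;

	return rsa_pub;
out:
	BN_free(exp);
	BN_free(mod);
	RSA_free(rsa_pub);
	return NULL;
}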
2450
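/*
 * Parse a plain RSA public key given as text: the prefix "0s" followed by
 * the base64 encoding of the binary key buffer.
 *
 * Returns a new RSA object, or NULL on a format, decoding or parsing
 * error.  The exponent-length byte is now read as unsigned and an empty
 * decoded buffer is rejected before that byte is read.
 */
RSA *
base64_pubkey2rsa(char *in)
{
	RSA *rsa_pub = NULL;
	vchar_t *binbuf;

	if (strncmp(in, "0s", 2) != 0) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
		return NULL;
	}

	binbuf = base64_decode(in + 2, strlen(in + 2));
	if (!binbuf) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
		return NULL;
	}

	/* byte 0 is the exponent length; it must fit inside the buffer */
	if (binbuf->l < 1 ||
	    (size_t)(unsigned char)binbuf->v[0] > binbuf->l - 1) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
		goto out;
	}

	rsa_pub = binbuf_pubkey2rsa(binbuf);

out:
	vfree(binbuf);

	return rsa_pub;
}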
2481
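/*
 * Build an RSA public key from a BIGNUM whose byte representation is the
 * binary key buffer that binbuf_pubkey2rsa() parses.
 *
 * Returns a new RSA object, or NULL on an empty input, allocation failure
 * or parsing failure.  A NULL or zero-length input used to reach the
 * parser, which reads the first byte of the buffer.
 */
RSA *
bignum_pubkey2rsa(BIGNUM *in)
{
	RSA *rsa_pub = NULL;
	vchar_t *binbuf;

	/* the parser needs at least the leading exponent-length byte */
	if (in == NULL || BN_num_bytes(in) <= 0) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: empty key.\n");
		return NULL;
	}

	binbuf = vmalloc(BN_num_bytes(in));
	if (!binbuf) {
		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
		return NULL;
	}

	BN_bn2bin(in, (unsigned char *) binbuf->v);

	rsa_pub = binbuf_pubkey2rsa(binbuf);

	vfree(binbuf);

	return rsa_pub;
}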
2503
/*
 * Return a 32-bit value taken from eay_set_random().
 *
 * NOTE(review): the result of eay_set_random() is used without a NULL or
 * length test, and the uint32_t return type leaves no way to report a
 * failure to the caller.
 */
uint32_t
eay_random(void)
{
	uint32_t value;
	vchar_t *buf = eay_set_random(sizeof(value));

	memcpy(&value, buf->v, sizeof(value));
	vfree(buf);

	return value;
}
2516
/* Version string of the OpenSSL library, as reported by SSLeay_version(). */
const char *
eay_version(void)
{
	const char *version = SSLeay_version(SSLEAY_VERSION);

	return version;
}
2522