From: Michal L. <lu...@us...> - 2004-05-21 14:05:03
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27503/src/racoon Modified Files: crypto_openssl.c crypto_openssl.h Log Message: 2004-05-21 Michal Ludvig <ml...@su...> * src/racoon/crypto_openssl.[ch]: Use EVP_*() instead of algorithm specific functions. Index: crypto_openssl.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/crypto_openssl.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- crypto_openssl.c 9 Apr 2004 16:55:56 -0000 1.17 +++ crypto_openssl.c 21 May 2004 14:04:53 -0000 1.18 @@ -97,6 +97,8 @@ #define USE_NEW_DES_API #endif +#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) + #include "var.h" #include "misc.h" #include "vmbuf.h" 
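Review bot: OpenSSL_BUG() logs a fixed string and leaves OpenSSL's own error queue unread, so a failed EVP_CipherInit or EVP_Cipher later in this commit reports nothing about which cipher failed or why. The file already exposes `eay_strerror()` (declared in crypto_openssl.h in the last hunk of this commit); assuming that header is included before the macro's first use, `plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed: %s\n", eay_strerror());` puts the reason in the log. The mixed-case macro name also reads like a function call; the file's other macros are UPPER_SNAKE_CASE (USE_NEW_DES_API on the context line just above).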
@@ -940,80 +942,70 @@ ERR_load_crypto_strings(); } -/* - * DES-CBC - */ vchar_t * -eay_des_encrypt(data, key, iv) - vchar_t *data, *key, *iv; +evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) { vchar_t *res; -#ifdef USE_NEW_DES_API - DES_key_schedule ks; -#else - des_key_schedule ks; -#endif + EVP_CIPHER_CTX ctx; -#ifndef USE_NEW_DES_API - if (data->l % 8) + if (!e) return NULL; -#endif -#ifdef USE_NEW_DES_API - if (DES_key_sched((void *)key->v, &ks) != 0) -#else - if (des_key_sched((void *)key->v, ks) != 0) -#endif + if (data->l % EVP_CIPHER_block_size(e)) return NULL; - /* allocate buffer for result */ if ((res = vmalloc(data->l)) == NULL) return NULL; - /* decryption data */ -#ifdef USE_NEW_DES_API - DES_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - &ks, (void *)iv->v, DES_ENCRYPT); -#else - des_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - ks, (void *)iv->v, DES_ENCRYPT); -#endif + EVP_CIPHER_CTX_init(&ctx); + + if (!EVP_CipherInit(&ctx, e, key->v, iv->v, enc)) { + OpenSSL_BUG(); + return NULL; + } + + if (!EVP_Cipher(&ctx, res->v, data->v, data->l)) { + OpenSSL_BUG(); + return NULL; + } + + EVP_CIPHER_CTX_cleanup(&ctx); return res; } -vchar_t * -eay_des_decrypt(data, key, iv) - vchar_t *data, *key, *iv; +int +evp_weakkey(vchar_t *key, const EVP_CIPHER *e) { - vchar_t *res; -#ifdef USE_NEW_DES_API - DES_key_schedule ks; -#else - des_key_schedule ks; -#endif - -#ifdef USE_NEW_DES_API - if (DES_key_sched((void *)key->v, &ks) != 0) -#else - if (des_key_sched((void *)key->v, ks) != 0) -#endif - return NULL; + return 0; +} - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; +int +evp_keylen(int len, const EVP_CIPHER *e) +{ + if (!e) + return -1; + if (len != 0 && len != EVP_CIPHER_key_length(e)) + return -1; + + return EVP_CIPHER_key_length(e); +} - /* decryption data */ -#ifdef USE_NEW_DES_API - DES_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - &ks, (void *)iv->v, 
DES_DECRYPT); -#else - des_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - ks, (void *)iv->v, DES_DECRYPT); -#endif +/* + * DES-CBC + */ +vchar_t * +eay_des_encrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + return evp_crypt(data, key, iv, EVP_des_cbc(), 1); +} - return res; +vchar_t * +eay_des_decrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + return evp_crypt(data, key, iv, EVP_des_cbc(), 0); } int @@ -1031,9 +1023,7 @@ eay_des_keylen(len) int len; { - if (len != 0 && len != 64) - return -1; - return 64; + return evp_keylen(len, EVP_des_cbc()); } #ifdef HAVE_OPENSSL_IDEA_H @@ -1044,48 +1034,21 @@ eay_idea_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - IDEA_KEY_SCHEDULE ks; - - idea_set_encrypt_key(key->v, &ks); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - idea_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, IDEA_ENCRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_idea_cbc(), 1); } vchar_t * eay_idea_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - IDEA_KEY_SCHEDULE ks, dks; - - idea_set_encrypt_key(key->v, &ks); - idea_set_decrypt_key(&ks, &dks); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - idea_cbc_encrypt(data->v, res->v, data->l, - &dks, iv->v, IDEA_DECRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_idea_cbc(), 0); } int eay_idea_weakkey(key) vchar_t *key; { - return 0; /* XXX */ + return 0; } int 
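Review bot: In evp_crypt the two failure branches after EVP_CipherInit and EVP_Cipher return NULL without freeing `res` (allocated by vmalloc a few lines earlier) and without EVP_CIPHER_CTX_cleanup, so every OpenSSL failure leaks the result buffer and the key schedule held in the context. The function also never tells EVP how long the supplied key is: EVP_CipherInit reads EVP_CIPHER_key_length(e) bytes from key->v regardless of key->l, which over-reads a shorter key and silently truncates a longer one, and for the variable-length ciphers (Blowfish, CAST5 and RC5 in the later hunks) discards the key->l that BF_set_key, CAST_set_key and RC5_32_set_key used to honour; the 3DES hunk loses its explicit key handling the same way. The rewrite below selects the cipher, declares the key length, then supplies the key bytes, and routes every error exit through one cleanup label; EVP_CIPHER_CTX_set_key_length rejects a wrong length for the fixed-size ciphers, which is the check the removed DES_key_sched paths relied on.
```c
vchar_t *
evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
{
	vchar_t *res;
	EVP_CIPHER_CTX ctx;

	if (!e)
		return NULL;

	if (data->l % EVP_CIPHER_block_size(e))
		return NULL;

	if ((res = vmalloc(data->l)) == NULL)
		return NULL;

	EVP_CIPHER_CTX_init(&ctx);

	/* Select the cipher and declare the real key length before the
	 * key bytes are read, so a key of the wrong size is rejected
	 * instead of being over-read or truncated at the default length. */
	if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
		goto fail;
	if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
		goto fail;
	if (!EVP_CipherInit(&ctx, NULL, key->v, iv->v, enc))
		goto fail;
	if (!EVP_Cipher(&ctx, res->v, data->v, data->l))
		goto fail;

	EVP_CIPHER_CTX_cleanup(&ctx);
	return res;

fail:
	OpenSSL_BUG();
	EVP_CIPHER_CTX_cleanup(&ctx);	/* wipes the key schedule kept in ctx */
	vfree(res);
	return NULL;
}
/* … unchanged: evp_weakkey, evp_keylen, eay_des_encrypt/decrypt wrappers … */
```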
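Review bot: eay_des_keylen now answers in bytes where it used to answer in bits: the removed lines accept and return 64, but EVP_CIPHER_key_length(EVP_des_cbc()) is 8, so evp_keylen rejects a caller that passes the old value 64 and returns 8 to code that previously received 64. evp_keylen (defined in the preceding hunk) should keep the bit convention: `if (len != 0 && len != EVP_CIPHER_key_length(e) * 8)` / `return -1;` / `return EVP_CIPHER_key_length(e) * 8;`. The other eay_*_keylen functions are outside these hunks; any of them that is later switched to evp_keylen needs the same unit.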
@@ -1105,40 +1068,14 @@ eay_bf_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - BF_KEY ks; - - BF_set_key(&ks, key->l, key->v); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - BF_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, BF_ENCRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_bf_cbc(), 1); } vchar_t * eay_bf_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - BF_KEY ks; - - BF_set_key(&ks, key->l, key->v); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - BF_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, BF_DECRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_bf_cbc(), 0); } int @@ -1167,42 +1104,14 @@ eay_rc5_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - RC5_32_KEY ks; - - /* in RFC 2451, there is information about the number of round. */ - RC5_32_set_key(&ks, key->l, key->v, 16); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - RC5_32_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, RC5_ENCRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_rc5_32_12_16_cbc(), 1); } vchar_t * eay_rc5_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - RC5_32_KEY ks; - - /* in RFC 2451, there is information about the number of round. */ - RC5_32_set_key(&ks, key->l, key->v, 16); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - RC5_32_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, RC5_DECRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_rc5_32_12_16_cbc(), 0); } int @@ -1210,7 +1119,6 @@ vchar_t *key; { return 0; /* No known weak keys when used with 16 rounds. */ - } int 
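Review bot: EVP_rc5_32_12_16_cbc() runs RC5 with its default of 12 rounds, whereas the removed `RC5_32_set_key(&ks, key->l, key->v, 16)` used 16 rounds as the deleted RFC 2451 comment pointed out and as the surviving comment in the next hunk ("No known weak keys when used with 16 rounds") still assumes, so eay_rc5_encrypt/decrypt no longer interoperate with the previous build or with peers following the RFC. evp_crypt's interface gives its callers no access to the EVP_CIPHER_CTX, so the round count cannot be set from here; either give evp_crypt a way to issue `EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC5_ROUNDS, 16, NULL)` once the cipher is selected, or keep the RC5_32_* implementation for this one algorithm. The key length passed as key->l is also lost for the same reason; see the note on the evp_crypt hunk.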
@@ -1228,140 +1136,18 @@ /* * 3DES-CBC */ -static vchar_t * -eay_3des_expand_key (key, size) - vchar_t *key; - size_t size; -{ - vchar_t *newkey; - char *ptr, *end; - size_t idx; - - if (key->l <= 0) - return NULL; - - if (key->l == size) { - newkey = vdup (key); - return newkey; - } - - newkey = vmalloc (size); - if (! newkey) - return NULL; - - ptr = newkey->v; - end = newkey->v + newkey->l; - idx = 0; - while (ptr < end) { - size_t amount; - amount = key->l > (end - ptr) ? (end - ptr) : key->l; - memcpy (ptr, key->v, amount); - ptr += amount; - } - - return newkey; -} - vchar_t * eay_3des_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res, *expkey; - -#ifdef USE_NEW_DES_API - DES_key_schedule ks1, ks2, ks3; -#else - des_key_schedule ks1, ks2, ks3; -#endif - - expkey = eay_3des_expand_key (key, 24); - - if (expkey == NULL) - return NULL; - -#ifdef USE_NEW_DES_API - if (DES_key_sched((void *)expkey->v, &ks1) != 0) - return NULL; - if (DES_key_sched((void *)(expkey->v + 8), &ks2) != 0) - return NULL; - if (DES_key_sched((void *)(expkey->v + 16), &ks3) != 0) - return NULL; -#else - if (des_key_sched((void *)expkey->v, ks1) != 0) - return NULL; - if (des_key_sched((void *)(expkey->v + 8), ks2) != 0) - return NULL; - if (des_key_sched((void *)(expkey->v + 16), ks3) != 0) - return NULL; -#endif - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ -#ifdef USE_NEW_DES_API - DES_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - &ks1, &ks2, &ks3, (void *)iv->v, DES_ENCRYPT); -#else - des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - ks1, ks2, ks3, (void *)iv->v, DES_ENCRYPT); -#endif - - vfree (expkey); - - return res; + return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1); } vchar_t * eay_3des_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res, *expkey; - -#ifdef USE_NEW_DES_API - DES_key_schedule ks1, ks2, ks3; -#else - des_key_schedule ks1, ks2, 
ks3; -#endif - - expkey = eay_3des_expand_key (key, 24); - - if (expkey == NULL) - return NULL; - -#ifdef USE_NEW_DES_API - if (DES_key_sched((void *)expkey->v, &ks1) != 0) - return NULL; - if (DES_key_sched((void *)(expkey->v + 8), &ks2) != 0) - return NULL; - if (DES_key_sched((void *)(expkey->v + 16), &ks3) != 0) - return NULL; -#else - if (des_key_sched((void *)expkey->v, ks1) != 0) - return NULL; - if (des_key_sched((void *)(expkey->v + 8), ks2) != 0) - return NULL; - if (des_key_sched((void *)(expkey->v + 16), ks3) != 0) - return NULL; -#endif - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ -#ifdef USE_NEW_DES_API - DES_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - &ks1, &ks2, &ks3, (void *)iv->v, DES_DECRYPT); -#else - des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l, - ks1, ks2, ks3, (void *)iv->v, DES_DECRYPT); -#endif - - vfree (expkey); - - return res; + return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0); } int @@ -1398,40 +1184,14 @@ eay_cast_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - CAST_KEY ks; - - CAST_set_key(&ks, key->l, key->v); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - CAST_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, DES_ENCRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1); } vchar_t * eay_cast_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - CAST_KEY ks; - - CAST_set_key(&ks, key->l, key->v); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - CAST_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, DES_DECRYPT); - - return res; + return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0); } int 
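Review bot: Dropping eay_3des_expand_key silently changes which keys eay_3des_encrypt/decrypt accept: the removed helper repeated a key shorter than 24 bytes to fill the three DES subkeys and returned NULL for an empty key, while EVP_des_ede3_cbc() now reads a full 24 bytes from key->v whatever key->l is, so the inputs the expansion used to handle become out-of-bounds reads rather than an error. If short keys were never a supported input, evp_crypt must compare `key->l` with `EVP_CIPHER_key_length(e)` before EVP_CipherInit consumes the bytes; if they were, keep the expansion in front of the call (`expkey = eay_3des_expand_key(key, 24);` then pass expkey and vfree it afterwards). Either way the decision deserves a comment under the 3DES-CBC heading, since nothing in the hunk records that the accepted key sizes changed; the 3DES keylen function is outside this hunk.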
@@ -1508,42 +1268,36 @@ return res; } #else +static inline const EVP_CIPHER * +aes_evp_by_keylen(int keylen) +{ + switch(keylen) { + case 16: + case 128: + return EVP_aes_128_cbc(); + case 24: + case 192: + return EVP_aes_192_cbc(); + case 32: + case 256: + return EVP_aes_256_cbc(); + default: + return NULL; + } +} + vchar_t * eay_aes_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - AES_KEY ks; - - AES_set_encrypt_key(key->v, key->l * 8, &ks); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* encryption data */ - AES_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, AES_ENCRYPT); - return res; + return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1); } vchar_t * eay_aes_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; - AES_KEY ks; - - AES_set_decrypt_key(key->v, key->l * 8, &ks); - - /* allocate buffer for result */ - if ((res = vmalloc(data->l)) == NULL) - return NULL; - - /* decryption data */ - AES_cbc_encrypt(data->v, res->v, data->l, - &ks, iv->v, AES_DECRYPT); - return res; + return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0); } #endif Index: crypto_openssl.h =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/crypto_openssl.h,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- crypto_openssl.h 5 Apr 2004 15:05:16 -0000 1.2 +++ crypto_openssl.h 21 May 2004 14:04:53 -0000 1.3 
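Review bot: aes_evp_by_keylen is called with key->l, a byte count, yet also matches 128, 192 and 256; a 128-, 192- or 256-byte key therefore selects AES-128/192/256 and EVP reads only its first 16/24/32 bytes, so an oversized key is silently truncated instead of rejected. Unless some caller genuinely passes a bit count, the three bit-valued cases should go, or the function should commit to one unit and say so: `/* keylen is key->l, a byte count */`. A NULL return also makes evp_crypt fail without any diagnostic (its `if (!e) return NULL;` does not log), so an unsupported AES key length is indistinguishable from an allocation failure; a plog in the `default:` branch would fix that. The #ifdef matching this #else is outside the hunk.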
@@ -68,6 +68,12 @@ extern char *eay_strerror __P((void)); extern void eay_init_error __P((void)); +/* Generic EVP */ +extern vchar_t *evp_crypt __P((vchar_t *data, vchar_t *key, vchar_t *iv, + const EVP_CIPHER *e, int enc)); +extern int evp_weakkey __P((vchar_t *key, const EVP_CIPHER *e)); +extern int evp_keylen __P((int len, const EVP_CIPHER *e)); + /* DES */ extern vchar_t *eay_des_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); extern vchar_t *eay_des_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); |
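Review bot: The new prototypes name `const EVP_CIPHER` in crypto_openssl.h, which makes every includer depend on <openssl/evp.h> having been included beforehand; if the header does not already pull it in (its include lines are outside this hunk), add `#include <openssl/evp.h>` above these declarations. evp_weakkey takes key and e but, in the crypto_openssl.c hunk earlier in this commit, ignores both and returns 0; a one-line comment on the declaration, `/* no weak-key test is done for EVP ciphers; always returns 0 */`, would stop callers from reading it as a real check.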