src/libstrongswan/plugins/openssl/openssl_crypter.c

   1 /*
   2  * Copyright (C) 2008 Tobias Brunner
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  *
  15  * $Id$
  16  */
  17
  18 #include "openssl_crypter.h"
  19
  20 #include <openssl/evp.h>
  21
  22 typedef struct private_openssl_crypter_t private_openssl_crypter_t;
  23
  24 /**
  25  * Private data of openssl_crypter_t
  26  */
  27 struct private_openssl_crypter_t {
  28
  29         /**
  30          * Public part of this class.
  31          */
  32         openssl_crypter_t public;
  33
  34         /*
  35          * the key
  36          */
  37         chunk_t key;
  38
  39         /*
  40          * the cipher to use
  41          */
  42         const EVP_CIPHER *cipher;
  43 };
  44
  45 /**
  46  * Mapping from the algorithms defined in IKEv2 to
  47  * OpenSSL algorithm names and their key length
  48  */
  49 typedef struct {
  50         /**
  51          * Identifier specified in IKEv2
  52          */
  53         int ikev2_id;
  54
  55         /**
  56          * Name of the algorithm, as used in OpenSSL
  57          */
  58         char *name;
  59
  60         /**
  61          * Minimum valid key length in bytes
  62          */
  63         size_t key_size_min;
  64
  65         /**
  66          * Maximum valid key length in bytes
  67          */
  68         size_t key_size_max;
  69 } openssl_algorithm_t;
  70
  71 #define END_OF_LIST -1
  72
  73 /**
  74  * Algorithms for encryption
  75  */
  76 static openssl_algorithm_t encryption_algs[] = {
  77 /*      {ENCR_DES_IV64,         "***",                  0,      0}, */
  78         {ENCR_DES,                      "des",                  8,      8},             /* 64 bits */
  79         {ENCR_3DES,             "des3",                 24,     24},    /* 192 bits */
  80         {ENCR_RC5,                      "rc5",                  5,      255},   /* 40 to 2040 bits, RFC 2451 */
  81         {ENCR_IDEA,             "idea",                 16,     16},    /* 128 bits, RFC 2451 */
  82         {ENCR_CAST,             "cast",                 5,      16},    /* 40 to 128 bits, RFC 2451 */
  83         {ENCR_BLOWFISH,         "blowfish",             5,      56},    /* 40 to 448 bits, RFC 2451 */
  84 /*      {ENCR_3IDEA,            "***",                  0,      0}, */
  85 /*      {ENCR_DES_IV32,         "***",                  0,      0}, */
  86 /*      {ENCR_NULL,             "***",                  0,      0}, */ /* handled separately */
  87 /*      {ENCR_AES_CBC,          "***",                  0,      0}, */ /* handled separately */
  88 /*      {ENCR_AES_CTR,          "***",                  0,      0}, */ /* disabled in evp.h */
  89         {END_OF_LIST,           NULL,                   0,      0},
  90 };
  91
  92 /**
  93  * Look up an OpenSSL algorithm name and validate its key size
  94  */
  95 static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
  96                                            u_int16_t ikev2_algo, size_t key_size)
  97 {
  98         while (openssl_algo->ikev2_id != END_OF_LIST)
  99         {
 100                 if (ikev2_algo == openssl_algo->ikev2_id)
 101                 {
 102                         /* validate key size */
 103                         if (key_size < openssl_algo->key_size_min ||
 104                                 key_size > openssl_algo->key_size_max)
 105                         {
 106                                 return NULL;
 107                         }
 108                         return openssl_algo->name;
 109                 }
 110                 openssl_algo++;
 111         }
 112         return NULL;
 113 }
 114
 115 static void crypt(private_openssl_crypter_t *this, chunk_t data,
 116                                         chunk_t iv, chunk_t *dst, int enc)
 117 {
 118         int len;
 119         u_char *out;
 120
 121         out = data.ptr;
 122         if (dst)
 123         {
 124                 *dst = chunk_alloc(data.len);
 125                 out = dst->ptr;
 126         }
 127         EVP_CIPHER_CTX ctx;
 128         EVP_CIPHER_CTX_init(&ctx);
 129         EVP_CipherInit_ex(&ctx, this->cipher, NULL, this->key.ptr, iv.ptr, enc);
 130         EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
 131         EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
 132         EVP_CipherFinal_ex(&ctx, out, &len); /* since padding is disabled this does nothing */
 133         EVP_CIPHER_CTX_cleanup(&ctx);
 134 }
 135
 136 /**
 137  * Implementation of crypter_t.decrypt.
 138  */
 139 static void decrypt(private_openssl_crypter_t *this, chunk_t data,
 140                                                 chunk_t iv, chunk_t *dst)
 141 {
 142         crypt(this, data, iv, dst, 0);
 143 }
 144
 145
 146 /**
 147  * Implementation of crypter_t.encrypt.
 148  */
 149 static void encrypt (private_openssl_crypter_t *this, chunk_t data,
 150                                                         chunk_t iv, chunk_t *dst)
 151 {
 152         crypt(this, data, iv, dst, 1);
 153 }
 154
 155 /**
 156  * Implementation of crypter_t.get_block_size.
 157  */
 158 static size_t get_block_size(private_openssl_crypter_t *this)
 159 {
 160         return this->cipher->block_size;
 161 }
 162
 163 /**
 164  * Implementation of crypter_t.get_key_size.
 165  */
 166 static size_t get_key_size(private_openssl_crypter_t *this)
 167 {
 168         return this->key.len;
 169 }
 170
 171 /**
 172  * Implementation of crypter_t.set_key.
 173  */
 174 static void set_key(private_openssl_crypter_t *this, chunk_t key)
 175 {
 176         memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
 177 }
 178
 179 /**
 180  * Implementation of crypter_t.destroy.
 181  */
 182 static void destroy (private_openssl_crypter_t *this)
 183 {
 184         free(this->key.ptr);
 185         free(this);
 186 }
 187
 188 /*
 189  * Described in header
 190  */
 191 openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 192                                                                                                   size_t key_size)
 193 {
 194         private_openssl_crypter_t *this;
 195
 196         this = malloc_thing(private_openssl_crypter_t);
 197
 198         switch (algo)
 199         {
 200                 case ENCR_NULL:
 201                         this->cipher = EVP_enc_null();
 202                         break;
 203                 case ENCR_AES_CBC:
 204                         switch (key_size)
 205                         {
 206                                 case 16:        /* AES 128 */
 207                                         this->cipher = EVP_get_cipherbyname("aes128");
 208                                         break;
 209                                 case 24:        /* AES-192 */
 210                                         this->cipher = EVP_get_cipherbyname("aes192");
 211                                         break;
 212                                 case 32:        /* AES-256 */
 213                                         this->cipher = EVP_get_cipherbyname("aes256");
 214                                         break;
 215                                 default:
 216                                         free(this);
 217                                         return NULL;
 218                         }
 219                         break;
 220                 default:
 221                 {
 222                         char* name = lookup_algorithm(encryption_algs, algo, key_size);
 223                         if (!name)
 224                         {
 225                                 /* algo unavailable or key_size invalid */
 226                                 free(this);
 227                                 return NULL;
 228                         }
 229                         this->cipher = EVP_get_cipherbyname(name);
 230                         break;
 231                 }
 232         }
 233
 234         if (!this->cipher)
 235         {
 236                 /* OpenSSL does not support the requested algo */
 237                 free(this);
 238                 return NULL;
 239         }
 240
 241         this->key = chunk_alloc(key_size);
 242
 243         this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
 244         this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
 245         this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
 246         this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
 247         this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
 248         this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
 249
 250         return &this->public;
 251 }