openssl: Update crypter API to OpenSSL 1.1.0
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_crypter.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_crypter.h"
17
18 #include <openssl/evp.h>
19
20 typedef struct private_openssl_crypter_t private_openssl_crypter_t;
21
22 /**
23 * Private data of openssl_crypter_t
24 */
25 struct private_openssl_crypter_t {
26
27 /**
28 * Public part of this class.
29 */
30 openssl_crypter_t public;
31
32 /*
33 * the key
34 */
35 chunk_t key;
36
37 /*
38 * the cipher to use
39 */
40 const EVP_CIPHER *cipher;
41 };
42
43 /**
44 * Look up an OpenSSL algorithm name and validate its key size
45 */
46 static char* lookup_algorithm(uint16_t ikev2_algo, size_t *key_size)
47 {
48 struct {
49 /* identifier specified in IKEv2 */
50 int ikev2_id;
51 /* name of the algorithm, as used in OpenSSL */
52 char *name;
53 /* default key size in bytes */
54 size_t key_def;
55 /* minimum key size */
56 size_t key_min;
57 /* maximum key size */
58 size_t key_max;
59 } mappings[] = {
60 {ENCR_DES, "des-cbc", 8, 8, 8},
61 {ENCR_3DES, "des-ede3-cbc", 24, 24, 24},
62 {ENCR_RC5, "rc5-cbc", 16, 5, 255},
63 {ENCR_IDEA, "idea-cbc", 16, 16, 16},
64 {ENCR_CAST, "cast5-cbc", 16, 5, 16},
65 {ENCR_BLOWFISH, "bf-cbc", 16, 5, 56},
66 };
67 int i;
68
69 for (i = 0; i < countof(mappings); i++)
70 {
71 if (ikev2_algo == mappings[i].ikev2_id)
72 {
73 /* set the key size if it is not set */
74 if (*key_size == 0)
75 {
76 *key_size = mappings[i].key_def;
77 }
78 /* validate key size */
79 if (*key_size < mappings[i].key_min ||
80 *key_size > mappings[i].key_max)
81 {
82 return NULL;
83 }
84 return mappings[i].name;
85 }
86 }
87 return NULL;
88 }
89
90 /**
91 * Do the actual en/decryption in an EVP context
92 */
93 static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
94 chunk_t *dst, int enc)
95 {
96 EVP_CIPHER_CTX *ctx;
97 int len;
98 u_char *out;
99 bool success = FALSE;
100
101 out = data.ptr;
102 if (dst)
103 {
104 *dst = chunk_alloc(data.len);
105 out = dst->ptr;
106 }
107 ctx = EVP_CIPHER_CTX_new();
108 if (EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) &&
109 EVP_CIPHER_CTX_set_padding(ctx, 0) /* disable padding */ &&
110 EVP_CIPHER_CTX_set_key_length(ctx, this->key.len) &&
111 EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) &&
112 EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) &&
113 /* since padding is disabled this does nothing */
114 EVP_CipherFinal_ex(ctx, out + len, &len))
115 {
116 success = TRUE;
117 }
118 EVP_CIPHER_CTX_free(ctx);
119 return success;
120 }
121
122 METHOD(crypter_t, decrypt, bool,
123 private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
124 {
125 return crypt(this, data, iv, dst, 0);
126 }
127
128 METHOD(crypter_t, encrypt, bool,
129 private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
130 {
131 return crypt(this, data, iv, dst, 1);
132 }
133
134 METHOD(crypter_t, get_block_size, size_t,
135 private_openssl_crypter_t *this)
136 {
137 return EVP_CIPHER_block_size(this->cipher);
138 }
139
140 METHOD(crypter_t, get_iv_size, size_t,
141 private_openssl_crypter_t *this)
142 {
143 return EVP_CIPHER_iv_length(this->cipher);
144 }
145
146 METHOD(crypter_t, get_key_size, size_t,
147 private_openssl_crypter_t *this)
148 {
149 return this->key.len;
150 }
151
152 METHOD(crypter_t, set_key, bool,
153 private_openssl_crypter_t *this, chunk_t key)
154 {
155 memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
156 return TRUE;
157 }
158
159 METHOD(crypter_t, destroy, void,
160 private_openssl_crypter_t *this)
161 {
162 chunk_clear(&this->key);
163 free(this);
164 }
165
166 /*
167 * Described in header
168 */
169 openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
170 size_t key_size)
171 {
172 private_openssl_crypter_t *this;
173
174 INIT(this,
175 .public = {
176 .crypter = {
177 .encrypt = _encrypt,
178 .decrypt = _decrypt,
179 .get_block_size = _get_block_size,
180 .get_iv_size = _get_iv_size,
181 .get_key_size = _get_key_size,
182 .set_key = _set_key,
183 .destroy = _destroy,
184 },
185 },
186 );
187
188 switch (algo)
189 {
190 case ENCR_NULL:
191 this->cipher = EVP_enc_null();
192 key_size = 0;
193 break;
194 case ENCR_AES_CBC:
195 switch (key_size)
196 {
197 case 0:
198 key_size = 16;
199 /* FALL */
200 case 16: /* AES 128 */
201 this->cipher = EVP_get_cipherbyname("aes-128-cbc");
202 break;
203 case 24: /* AES-192 */
204 this->cipher = EVP_get_cipherbyname("aes-192-cbc");
205 break;
206 case 32: /* AES-256 */
207 this->cipher = EVP_get_cipherbyname("aes-256-cbc");
208 break;
209 default:
210 free(this);
211 return NULL;
212 }
213 break;
214 case ENCR_CAMELLIA_CBC:
215 switch (key_size)
216 {
217 case 0:
218 key_size = 16;
219 /* FALL */
220 case 16: /* CAMELLIA 128 */
221 this->cipher = EVP_get_cipherbyname("camellia-128-cbc");
222 break;
223 case 24: /* CAMELLIA 192 */
224 this->cipher = EVP_get_cipherbyname("camellia-192-cbc");
225 break;
226 case 32: /* CAMELLIA 256 */
227 this->cipher = EVP_get_cipherbyname("camellia-256-cbc");
228 break;
229 default:
230 free(this);
231 return NULL;
232 }
233 break;
234 #ifndef OPENSSL_NO_DES
235 case ENCR_DES_ECB:
236 key_size = 8;
237 this->cipher = EVP_des_ecb();
238 break;
239 #endif
240 default:
241 {
242 char* name;
243
244 name = lookup_algorithm(algo, &key_size);
245 if (!name)
246 {
247 /* algo unavailable or key_size invalid */
248 free(this);
249 return NULL;
250 }
251 this->cipher = EVP_get_cipherbyname(name);
252 break;
253 }
254 }
255
256 if (!this->cipher)
257 {
258 /* OpenSSL does not support the requested algo */
259 free(this);
260 return NULL;
261 }
262
263 this->key = chunk_alloc(key_size);
264
265 return &this->public;
266 }