activated CAMELLIA_CBC cipher in openssl plugin
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_crypter.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_crypter.h"
17
18 #include <openssl/evp.h>
19
20 typedef struct private_openssl_crypter_t private_openssl_crypter_t;
21
22 /**
23 * Private data of openssl_crypter_t
24 */
25 struct private_openssl_crypter_t {
26
27 /**
28 * Public part of this class.
29 */
30 openssl_crypter_t public;
31
32 /*
33 * the key
34 */
35 chunk_t key;
36
37 /*
38 * the cipher to use
39 */
40 const EVP_CIPHER *cipher;
41 };
42
43 /**
44 * Mapping from the algorithms defined in IKEv2 to
45 * OpenSSL algorithm names and their key length
46 */
47 typedef struct {
48 /**
49 * Identifier specified in IKEv2
50 */
51 int ikev2_id;
52
53 /**
54 * Name of the algorithm, as used in OpenSSL
55 */
56 char *name;
57
58 /**
59 * Minimum valid key length in bytes
60 */
61 size_t key_size_min;
62
63 /**
64 * Maximum valid key length in bytes
65 */
66 size_t key_size_max;
67 } openssl_algorithm_t;
68
69 #define END_OF_LIST -1
70
71 /**
72 * Algorithms for encryption
73 */
74 static openssl_algorithm_t encryption_algs[] = {
75 /* {ENCR_DES_IV64, "***", 0, 0}, */
76 {ENCR_DES, "des", 8, 8}, /* 64 bits */
77 {ENCR_3DES, "des3", 24, 24}, /* 192 bits */
78 {ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */
79 {ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */
80 {ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */
81 {ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */
82 /* {ENCR_3IDEA, "***", 0, 0}, */
83 /* {ENCR_DES_IV32, "***", 0, 0}, */
84 /* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */
85 /* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */
86 /* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */
87 /* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */
88 {END_OF_LIST, NULL, 0, 0},
89 };
90
91 /**
92 * Look up an OpenSSL algorithm name and validate its key size
93 */
94 static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
95 u_int16_t ikev2_algo, size_t *key_size)
96 {
97 while (openssl_algo->ikev2_id != END_OF_LIST)
98 {
99 if (ikev2_algo == openssl_algo->ikev2_id)
100 {
101 /* set the key size if it is not set */
102 if (*key_size == 0 &&
103 (openssl_algo->key_size_min == openssl_algo->key_size_max))
104 {
105 *key_size = openssl_algo->key_size_min;
106 }
107
108 /* validate key size */
109 if (*key_size < openssl_algo->key_size_min ||
110 *key_size > openssl_algo->key_size_max)
111 {
112 return NULL;
113 }
114 return openssl_algo->name;
115 }
116 openssl_algo++;
117 }
118 return NULL;
119 }
120
121 static void crypt(private_openssl_crypter_t *this, chunk_t data,
122 chunk_t iv, chunk_t *dst, int enc)
123 {
124 int len;
125 u_char *out;
126
127 out = data.ptr;
128 if (dst)
129 {
130 *dst = chunk_alloc(data.len);
131 out = dst->ptr;
132 }
133 EVP_CIPHER_CTX ctx;
134 EVP_CIPHER_CTX_init(&ctx);
135 EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
136 EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
137 EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
138 EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
139 EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
140 EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
141 EVP_CIPHER_CTX_cleanup(&ctx);
142 }
143
144 /**
145 * Implementation of crypter_t.decrypt.
146 */
147 static void decrypt(private_openssl_crypter_t *this, chunk_t data,
148 chunk_t iv, chunk_t *dst)
149 {
150 crypt(this, data, iv, dst, 0);
151 }
152
153
154 /**
155 * Implementation of crypter_t.encrypt.
156 */
157 static void encrypt (private_openssl_crypter_t *this, chunk_t data,
158 chunk_t iv, chunk_t *dst)
159 {
160 crypt(this, data, iv, dst, 1);
161 }
162
163 /**
164 * Implementation of crypter_t.get_block_size.
165 */
166 static size_t get_block_size(private_openssl_crypter_t *this)
167 {
168 return this->cipher->block_size;
169 }
170
171 /**
172 * Implementation of crypter_t.get_key_size.
173 */
174 static size_t get_key_size(private_openssl_crypter_t *this)
175 {
176 return this->key.len;
177 }
178
179 /**
180 * Implementation of crypter_t.set_key.
181 */
182 static void set_key(private_openssl_crypter_t *this, chunk_t key)
183 {
184 memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
185 }
186
187 /**
188 * Implementation of crypter_t.destroy.
189 */
190 static void destroy (private_openssl_crypter_t *this)
191 {
192 free(this->key.ptr);
193 free(this);
194 }
195
196 /*
197 * Described in header
198 */
199 openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
200 size_t key_size)
201 {
202 private_openssl_crypter_t *this;
203
204 this = malloc_thing(private_openssl_crypter_t);
205
206 switch (algo)
207 {
208 case ENCR_NULL:
209 this->cipher = EVP_enc_null();
210 break;
211 case ENCR_AES_CBC:
212 switch (key_size)
213 {
214 case 16: /* AES 128 */
215 this->cipher = EVP_get_cipherbyname("aes128");
216 break;
217 case 24: /* AES-192 */
218 this->cipher = EVP_get_cipherbyname("aes192");
219 break;
220 case 32: /* AES-256 */
221 this->cipher = EVP_get_cipherbyname("aes256");
222 break;
223 default:
224 free(this);
225 return NULL;
226 }
227 break;
228 case ENCR_CAMELLIA_CBC:
229 switch (key_size)
230 {
231 case 16: /* CAMELLIA 128 */
232 this->cipher = EVP_get_cipherbyname("camellia128");
233 break;
234 case 24: /* CAMELLIA 192 */
235 this->cipher = EVP_get_cipherbyname("camellia192");
236 break;
237 case 32: /* CAMELLIA 256 */
238 this->cipher = EVP_get_cipherbyname("camellia256");
239 break;
240 default:
241 free(this);
242 return NULL;
243 }
244 break;
245 case ENCR_DES_ECB:
246 this->cipher = EVP_des_ecb();
247 break;
248 default:
249 {
250 char* name = lookup_algorithm(encryption_algs, algo, &key_size);
251 if (!name)
252 {
253 /* algo unavailable or key_size invalid */
254 free(this);
255 return NULL;
256 }
257 this->cipher = EVP_get_cipherbyname(name);
258 break;
259 }
260 }
261
262 if (!this->cipher)
263 {
264 /* OpenSSL does not support the requested algo */
265 free(this);
266 return NULL;
267 }
268
269 this->key = chunk_alloc(key_size);
270
271 this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
272 this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
273 this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
274 this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
275 this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
276 this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
277
278 return &this->public;
279 }