1 // SoftEther VPN Source Code - Developer Edition Master Branch
2 // Mayaqua Kernel
3 // © 2020 Nokia
4
5 // Encrypt.c
6 // Encryption and digital certification routine
7
8 #include "Encrypt.h"
9
10 #include "FileIO.h"
11 #include "Internat.h"
12 #include "Kernel.h"
13 #include "Memory.h"
14 #include "Object.h"
15 #include "Str.h"
16
17 #include <string.h>
18
19 #include <openssl/crypto.h>
20 #include <openssl/ssl.h>
21 #include <openssl/err.h>
22 #include <openssl/rand.h>
23 #include <openssl/engine.h>
24 #include <openssl/bio.h>
25 #include <openssl/x509.h>
26 #include <openssl/pkcs7.h>
27 #include <openssl/pkcs12.h>
28 #include <openssl/rc4.h>
29 #include <openssl/md5.h>
30 #include <openssl/md4.h>
31 #include <openssl/hmac.h>
32 #include <openssl/sha.h>
33 #include <openssl/des.h>
34 #include <openssl/aes.h>
35 #include <openssl/rsa.h>
36 #include <openssl/dh.h>
37 #include <openssl/bn.h>
38 #include <openssl/pem.h>
39 #include <openssl/conf.h>
40 #include <openssl/x509v3.h>
41
42 #ifdef _MSC_VER
43 #include <intrin.h> // For __cpuid()
44 #else // _MSC_VER
45
46
47 #ifndef SKIP_CPU_FEATURES
48 #include "cpu_features_macros.h"
49 #endif
50
51 #if defined(CPU_FEATURES_ARCH_X86)
52 #include "cpuinfo_x86.h"
53 #elif defined(CPU_FEATURES_ARCH_ARM)
54 #include "cpuinfo_arm.h"
55 #elif defined(CPU_FEATURES_ARCH_AARCH64)
56 #include "cpuinfo_aarch64.h"
57 #elif defined(CPU_FEATURES_ARCH_MIPS)
58 #include "cpuinfo_mips.h"
59 #elif defined(CPU_FEATURES_ARCH_PPC)
60 #include "cpuinfo_ppc.h"
61 #endif
62 #endif // _MSC_VER
63
64 // OpenSSL <1.1 Shims
65 #if OPENSSL_VERSION_NUMBER < 0x10100000L
66 # define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa)
67 # define EVP_PKEY_base_id(pkey) ((pkey)->type)
68 # define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore)
69 # define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter)
70 # define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber)
71 #endif
72
73 #ifndef EVP_CTRL_AEAD_GET_TAG
74 # define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
75 #endif
76
77 #ifndef EVP_CTRL_AEAD_SET_TAG
78 # define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
79 #endif
80
81 LOCK *openssl_lock = NULL;
82
83 int ssl_clientcert_index = 0;
84
85 LOCK **ssl_lock_obj = NULL;
86 UINT ssl_lock_num;
87 static bool openssl_inited = false;
88
89 static UINT Internal_HMac(const EVP_MD *md, void *dest, void *key, UINT key_size, const void *src, const UINT src_size);
90 static void Internal_Sha0(unsigned char *dest, const unsigned char *src, const UINT size);
91
92 // For the callback function
93 typedef struct CB_PARAM
94 {
95 char *password;
96 } CB_PARAM;
97
98 // Copied from t1_enc.c of OpenSSL
Enc_tls1_P_hash(const EVP_MD * md,const unsigned char * sec,int sec_len,const unsigned char * seed,int seed_len,unsigned char * out,int olen)99 void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
100 const unsigned char *seed, int seed_len, unsigned char *out, int olen)
101 {
102 int chunk,n;
103 unsigned int j;
104 HMAC_CTX *ctx;
105 HMAC_CTX *ctx_tmp;
106 unsigned char A1[EVP_MAX_MD_SIZE];
107 unsigned int A1_len;
108
109 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
110 ctx = HMAC_CTX_new();
111 ctx_tmp = HMAC_CTX_new();
112 #else
113 HMAC_CTX ctx_;
114 HMAC_CTX ctx_tmp_;
115 ctx = &ctx_;
116 ctx_tmp = &ctx_tmp_;
117 Zero(ctx, sizeof(HMAC_CTX));
118 Zero(ctx_tmp, sizeof(HMAC_CTX));
119 #endif
120 chunk=EVP_MD_size(md);
121
122 HMAC_Init_ex(ctx,sec,sec_len,md, NULL);
123 HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL);
124 HMAC_Update(ctx,seed,seed_len);
125 HMAC_Final(ctx,A1,&A1_len);
126
127 n=0;
128 for (;;)
129 {
130 HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */
131 HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */
132 HMAC_Update(ctx,A1,A1_len);
133 HMAC_Update(ctx_tmp,A1,A1_len);
134 HMAC_Update(ctx,seed,seed_len);
135
136 if (olen > chunk)
137 {
138 HMAC_Final(ctx,out,&j);
139 out+=j;
140 olen-=j;
141 HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */
142 }
143 else /* last one */
144 {
145 HMAC_Final(ctx,A1,&A1_len);
146 memcpy(out,A1,olen);
147 break;
148 }
149 }
150 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
151 HMAC_CTX_free(ctx);
152 HMAC_CTX_free(ctx_tmp);
153 #else
154 HMAC_CTX_cleanup(ctx);
155 HMAC_CTX_cleanup(ctx_tmp);
156 #endif
157 Zero (A1, sizeof(A1));
158 }
159
Enc_tls1_PRF(unsigned char * label,int label_len,const unsigned char * sec,int slen,unsigned char * out1,int olen)160 void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec,
161 int slen, unsigned char *out1, int olen)
162 {
163 const EVP_MD *md5 = EVP_md5();
164 const EVP_MD *sha1 = EVP_sha1();
165 int len,i;
166 const unsigned char *S1,*S2;
167 unsigned char *out2;
168
169 out2 = (unsigned char *) Malloc (olen);
170
171 len=slen/2;
172 S1=sec;
173 S2= &(sec[len]);
174 len+=(slen&1); /* add for odd, make longer */
175
176
177 Enc_tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
178 Enc_tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
179
180 for (i=0; i<olen; i++)
181 out1[i]^=out2[i];
182
183 memset (out2, 0, olen);
184 Free(out2);
185 }
186
187 // MD4 specific hash function
HashMd4(void * dst,void * src,UINT size)188 void HashMd4(void *dst, void *src, UINT size)
189 {
190 // Validate arguments
191 if (dst == NULL || (src == NULL && size != 0))
192 {
193 return;
194 }
195
196 MD4(src, size, dst);
197 }
198
199 // MD5 hash
Md5(void * dst,void * src,UINT size)200 void Md5(void *dst, void *src, UINT size)
201 {
202 // Validate arguments
203 if (dst == NULL || (src == NULL && size != 0))
204 {
205 return;
206 }
207
208 MD5(src, size, dst);
209 }
210
211 // SHA hash
Sha(UINT sha_type,void * dst,void * src,UINT size)212 void Sha(UINT sha_type, void *dst, void *src, UINT size)
213 {
214 // Validate arguments
215 if (dst == NULL || (src == NULL && size != 0))
216 {
217 return;
218 }
219
220 switch(sha_type) {
221 case SHA1_160:
222 SHA1(src, size, dst);
223 break;
224 case SHA2_256:
225 SHA256(src, size, dst);
226 break;
227 case SHA2_384:
228 SHA384(src, size, dst);
229 break;
230 case SHA2_512:
231 SHA512(src, size, dst);
232 break;
233 }
234 }
235
Sha0(void * dst,void * src,UINT size)236 void Sha0(void *dst, void *src, UINT size)
237 {
238 // Validate arguments
239 if (dst == NULL || (src == NULL && size != 0))
240 {
241 return;
242 }
243
244 Internal_Sha0(dst, src, size);
245 }
246
Sha1(void * dst,void * src,UINT size)247 void Sha1(void *dst, void *src, UINT size)
248 {
249 Sha(SHA1_160, dst, src, size);
250 }
251
Sha2_256(void * dst,void * src,UINT size)252 void Sha2_256(void *dst, void *src, UINT size)
253 {
254 Sha(SHA2_256, dst, src, size);
255 }
256
Sha2_384(void * dst,void * src,UINT size)257 void Sha2_384(void *dst, void *src, UINT size)
258 {
259 Sha(SHA2_384, dst, src, size);
260 }
261
Sha2_512(void * dst,void * src,UINT size)262 void Sha2_512(void *dst, void *src, UINT size)
263 {
264 Sha(SHA2_512, dst, src, size);
265 }
266
HashSha1(void * dst,void * src,UINT size)267 void HashSha1(void *dst, void *src, UINT size)
268 {
269 Sha1(dst, src, size);
270 }
271
272 // Calculation of HMAC (MD5)
HMacMd5(void * dst,void * key,UINT key_size,void * src,UINT src_size)273 UINT HMacMd5(void *dst, void *key, UINT key_size, void *src, UINT src_size)
274 {
275 return Internal_HMac(EVP_md5(), dst, key, key_size, src, src_size);
276 }
277
278 // Calculation of HMAC (SHA-1)
HMacSha1(void * dst,void * key,UINT key_size,void * src,UINT src_size)279 UINT HMacSha1(void *dst, void *key, UINT key_size, void *src, UINT src_size)
280 {
281 return Internal_HMac(EVP_sha1(), dst, key, key_size, src, src_size);
282 }
283
284 // Creating a message digest object
NewMd(char * name)285 MD *NewMd(char *name)
286 {
287 return NewMdEx(name, true);
288 }
289
NewMdEx(char * name,bool hmac)290 MD *NewMdEx(char *name, bool hmac)
291 {
292 MD *m;
293
294 // Validate arguments
295 if (name == NULL)
296 {
297 return NULL;
298 }
299
300 m = ZeroMalloc(sizeof(MD));
301
302 StrCpy(m->Name, sizeof(m->Name), name);
303
304 if (StrCmpi(name, "[null-digest]") == 0 ||
305 StrCmpi(name, "NULL") == 0 ||
306 IsEmptyStr(name))
307 {
308 m->IsNullMd = true;
309 return m;
310 }
311
312 m->Md = EVP_get_digestbyname(name);
313 if (m->Md == NULL)
314 {
315 Debug("NewMdEx(): Algorithm %s not found by EVP_get_digestbyname().\n", m->Name);
316 FreeMd(m);
317 return NULL;
318 }
319
320 m->Size = EVP_MD_size(m->Md);
321 m->IsHMac = hmac;
322
323 if (hmac)
324 {
325 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
326 m->Ctx = HMAC_CTX_new();
327 #else
328 m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st));
329 HMAC_CTX_init(m->Ctx);
330 #endif
331 }
332 else
333 {
334 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
335 m->Ctx = EVP_MD_CTX_new();
336 #else
337 m->Ctx = EVP_MD_CTX_create();
338 #endif
339 if (EVP_DigestInit_ex(m->Ctx, m->Md, NULL) == false)
340 {
341 Debug("NewMdEx(): EVP_DigestInit_ex() failed with error: %s\n", OpenSSL_Error());
342 FreeMd(m);
343 }
344 }
345
346 return m;
347 }
348
349 // Set the key to the message digest object
SetMdKey(MD * md,void * key,UINT key_size)350 bool SetMdKey(MD *md, void *key, UINT key_size)
351 {
352 // Validate arguments
353 if (md == NULL || md->IsHMac == false || key == NULL || key_size == 0)
354 {
355 return false;
356 }
357
358 if (HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL) == false)
359 {
360 Debug("SetMdKey(): HMAC_Init_ex() failed with error: %s\n", OpenSSL_Error());
361 return false;
362 }
363
364 return true;
365 }
366
367 // Calculate the hash/HMAC
MdProcess(MD * md,void * dest,void * src,UINT size)368 UINT MdProcess(MD *md, void *dest, void *src, UINT size)
369 {
370 UINT len = 0;
371
372 // Validate arguments
373 if (md == NULL || md->IsNullMd || dest == NULL || (src == NULL && size != 0))
374 {
375 return 0;
376 }
377
378 if (md->IsHMac)
379 {
380 // WARNING: Do not remove the call to HMAC_Init_ex(), it's required even if the context is initialized by SetMdKey()!
381 if (HMAC_Init_ex(md->Ctx, NULL, 0, NULL, NULL) == false)
382 {
383 Debug("MdProcess(): HMAC_Init_ex() failed with error: %s\n", OpenSSL_Error());
384 return 0;
385 }
386
387 if (HMAC_Update(md->Ctx, src, size) == false)
388 {
389 Debug("MdProcess(): HMAC_Update() failed with error: %s\n", OpenSSL_Error());
390 return 0;
391 }
392
393 if (HMAC_Final(md->Ctx, dest, &len) == false)
394 {
395 Debug("MdProcess(): HMAC_Final() failed with error: %s\n", OpenSSL_Error());
396 }
397 }
398 else
399 {
400 if (EVP_DigestUpdate(md->Ctx, src, size) == false)
401 {
402 Debug("MdProcess(): EVP_DigestUpdate() failed with error: %s\n", OpenSSL_Error());
403 return 0;
404 }
405
406 if (EVP_DigestFinal_ex(md->Ctx, dest, &len) == false)
407 {
408 Debug("MdProcess(): EVP_DigestFinal_ex() failed with error: %s\n", OpenSSL_Error());
409 }
410 }
411
412 return len;
413 }
414
415 // Release of the message digest object
FreeMd(MD * md)416 void FreeMd(MD *md)
417 {
418 // Validate arguments
419 if (md == NULL)
420 {
421 return;
422 }
423
424 if (md->Ctx != NULL)
425 {
426 if (md->IsHMac)
427 {
428 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
429 HMAC_CTX_free(md->Ctx);
430 #else
431 HMAC_CTX_cleanup(md->Ctx);
432 Free(md->Ctx);
433 #endif
434 }
435 else
436 {
437 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
438 EVP_MD_CTX_free(md->Ctx);
439 #else
440 EVP_MD_CTX_destroy(md->Ctx);
441 #endif
442 }
443 }
444
445 Free(md);
446 }
447
448 // Creating a cipher object
NewCipher(char * name)449 CIPHER *NewCipher(char *name)
450 {
451 CIPHER *c;
452 // Validate arguments
453 if (name == NULL)
454 {
455 return NULL;
456 }
457
458 c = ZeroMalloc(sizeof(CIPHER));
459
460 StrCpy(c->Name, sizeof(c->Name), name);
461
462 if (StrCmpi(name, "[null-cipher]") == 0 ||
463 StrCmpi(name, "NULL") == 0 ||
464 IsEmptyStr(name))
465 {
466 c->IsNullCipher = true;
467 return c;
468 }
469
470 c->Cipher = EVP_get_cipherbyname(c->Name);
471 if (c->Cipher == NULL)
472 {
473 Debug("NewCipher(): Cipher %s not found by EVP_get_cipherbyname().\n", c->Name);
474 FreeCipher(c);
475 return NULL;
476 }
477
478 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
479 c->Ctx = EVP_CIPHER_CTX_new();
480 #else
481 c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st));
482 EVP_CIPHER_CTX_init(c->Ctx);
483 #endif
484
485 c->IsAeadCipher = EVP_CIPHER_flags(c->Cipher) & EVP_CIPH_FLAG_AEAD_CIPHER;
486 c->BlockSize = EVP_CIPHER_block_size(c->Cipher);
487 c->KeySize = EVP_CIPHER_key_length(c->Cipher);
488 c->IvSize = EVP_CIPHER_iv_length(c->Cipher);
489
490 return c;
491 }
492
493 // Set the key to the cipher object
SetCipherKey(CIPHER * c,void * key,bool enc)494 void SetCipherKey(CIPHER *c, void *key, bool enc)
495 {
496 // Validate arguments
497 if (c == NULL || key == NULL)
498 {
499 return;
500 }
501
502 if (c->IsNullCipher == false)
503 {
504 if (c->Ctx != NULL)
505 {
506 EVP_CipherInit(c->Ctx, c->Cipher, key, NULL, enc);
507 }
508 }
509
510 c->Encrypt = enc;
511 }
512
513 // Process encryption / decryption
CipherProcess(CIPHER * c,void * iv,void * dest,void * src,UINT size)514 UINT CipherProcess(CIPHER *c, void *iv, void *dest, void *src, UINT size)
515 {
516 int r = size;
517 int r2 = 0;
518 if (c != NULL && c->IsNullCipher)
519 {
520 if (dest != src)
521 {
522 Copy(dest, src, size);
523 }
524 return size;
525 }
526 // Validate arguments
527 if (c == NULL || iv == NULL || dest == NULL || src == NULL || size == 0)
528 {
529 return 0;
530 }
531
532 if (EVP_CipherInit(c->Ctx, NULL, NULL, iv, c->Encrypt) == 0)
533 {
534 return 0;
535 }
536
537 if (EVP_CipherUpdate(c->Ctx, dest, &r, src, size) == 0)
538 {
539 return 0;
540 }
541
542 if (EVP_CipherFinal(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0)
543 {
544 return 0;
545 }
546
547 return r + r2;
548 }
549
550 // Process encryption / decryption (AEAD)
CipherProcessAead(CIPHER * c,void * iv,void * tag,UINT tag_size,void * dest,void * src,UINT src_size,void * aad,UINT aad_size)551 UINT CipherProcessAead(CIPHER *c, void *iv, void *tag, UINT tag_size, void *dest, void *src, UINT src_size, void *aad, UINT aad_size)
552 {
553 int r = src_size;
554 int r2 = 0;
555 // Validate arguments
556 if (c == NULL)
557 {
558 return 0;
559 }
560 else if (c->IsNullCipher)
561 {
562 Copy(dest, src, src_size);
563 return src_size;
564 }
565 else if (c->IsAeadCipher == false || iv == NULL || tag == NULL || tag_size == 0 || dest == NULL || src == NULL || src_size == 0)
566 {
567 return 0;
568 }
569
570 if (EVP_CipherInit_ex(c->Ctx, NULL, NULL, NULL, iv, c->Encrypt) == false)
571 {
572 Debug("CipherProcessAead(): EVP_CipherInit_ex() failed with error: %s\n", OpenSSL_Error());
573 return 0;
574 }
575
576 if (c->Encrypt == false)
577 {
578 if (EVP_CIPHER_CTX_ctrl(c->Ctx, EVP_CTRL_AEAD_SET_TAG, tag_size, tag) == false)
579 {
580 Debug("CipherProcessAead(): EVP_CIPHER_CTX_ctrl() failed to set the tag!\n");
581 return 0;
582 }
583 }
584
585 if (aad != NULL && aad_size != 0)
586 {
587 if (EVP_CipherUpdate(c->Ctx, NULL, &r, aad, aad_size) == false)
588 {
589 Debug("CipherProcessAead(): EVP_CipherUpdate() failed with error: %s\n", OpenSSL_Error());
590 return 0;
591 }
592 }
593
594 if (EVP_CipherUpdate(c->Ctx, dest, &r, src, src_size) == false)
595 {
596 Debug("CipherProcessAead(): EVP_CipherUpdate() failed with error: %s\n", OpenSSL_Error());
597 return 0;
598 }
599
600 if (EVP_CipherFinal_ex(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == false)
601 {
602 Debug("CipherProcessAead(): EVP_CipherFinal_ex() failed with error: %s\n", OpenSSL_Error());
603 return 0;
604 }
605
606 if (c->Encrypt)
607 {
608 if (EVP_CIPHER_CTX_ctrl(c->Ctx, EVP_CTRL_AEAD_GET_TAG, tag_size, tag) == false)
609 {
610 Debug("CipherProcessAead(): EVP_CIPHER_CTX_ctrl() failed to get the tag!\n");
611 return 0;
612 }
613 }
614
615 return r + r2;
616 }
617
618 // Release of the cipher object
FreeCipher(CIPHER * c)619 void FreeCipher(CIPHER *c)
620 {
621 // Validate arguments
622 if (c == NULL)
623 {
624 return;
625 }
626
627 if (c->Ctx != NULL)
628 {
629 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
630 EVP_CIPHER_CTX_free(c->Ctx);
631 #else
632 EVP_CIPHER_CTX_cleanup(c->Ctx);
633 Free(c->Ctx);
634 #endif
635 }
636
637 Free(c);
638 }
639
640 // Convert the public key to a buffer
RsaPublicToBuf(K * k)641 BUF *RsaPublicToBuf(K *k)
642 {
643 BUF *b;
644 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
645 RSA *rsa;
646 const BIGNUM *n;
647 #endif
648 // Validate arguments
649 if (k == NULL || k->pkey == NULL)
650 {
651 return NULL;
652 }
653
654 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
655 rsa = EVP_PKEY_get0_RSA(k->pkey);
656 if (rsa == NULL)
657 {
658 return NULL;
659 }
660
661 RSA_get0_key(rsa, &n, NULL, NULL);
662 if (n == NULL)
663 {
664 return NULL;
665 }
666
667 b = BigNumToBuf(n);
668 #else
669 if (k->pkey->pkey.rsa == NULL || k->pkey->pkey.rsa->n == NULL)
670 {
671 return NULL;
672 }
673
674 b = BigNumToBuf(k->pkey->pkey.rsa->n);
675 #endif
676
677 if (b == NULL)
678 {
679 return NULL;
680 }
681
682 return b;
683 }
684
685 // Get public key size
RsaPublicSize(K * k)686 UINT RsaPublicSize(K *k)
687 {
688 BUF *b;
689 UINT ret;
690
691 b = RsaPublicToBuf(k);
692 if (b == NULL)
693 {
694 return 0;
695 }
696
697 ret = b->Size;
698
699 FreeBuf(b);
700
701 return ret;
702 }
703
704 // Hash a pointer to a 32-bit
HashPtrToUINT(void * p)705 UINT HashPtrToUINT(void *p)
706 {
707 UCHAR hash_data[MD5_SIZE];
708 UINT ret;
709 // Validate arguments
710 if (p == NULL)
711 {
712 return 0;
713 }
714
715 Md5(hash_data, &p, sizeof(p));
716
717 Copy(&ret, hash_data, sizeof(ret));
718
719 return ret;
720 }
721
722 // Copy of the NAME
CopyName(NAME * n)723 NAME *CopyName(NAME *n)
724 {
725 // Validate arguments
726 if (n == NULL)
727 {
728 return NULL;
729 }
730
731 return NewName(n->CommonName, n->Organization, n->Unit,
732 n->Country, n->State, n->Local);
733 }
734
735 // Convert the binary to the BIGNUM
BinToBigNum(void * data,UINT size)736 BIGNUM *BinToBigNum(void *data, UINT size)
737 {
738 BIGNUM *bn;
739 // Validate arguments
740 if (data == NULL)
741 {
742 return NULL;
743 }
744
745 bn = BN_new();
746 BN_bin2bn(data, size, bn);
747
748 return bn;
749 }
750
751 // Convert a BIGNUM to a buffer
BigNumToBuf(const BIGNUM * bn)752 BUF *BigNumToBuf(const BIGNUM *bn)
753 {
754 UINT size;
755 UCHAR *tmp;
756 BUF *b;
757 // Validate arguments
758 if (bn == NULL)
759 {
760 return NULL;
761 }
762
763 size = BN_num_bytes(bn);
764 tmp = ZeroMalloc(size);
765 BN_bn2bin(bn, tmp);
766
767 b = NewBuf();
768 WriteBuf(b, tmp, size);
769 Free(tmp);
770
771 SeekBuf(b, 0, 0);
772
773 return b;
774 }
775
776 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
777 // Return the thread ID
OpenSSL_Id(CRYPTO_THREADID * id)778 static void OpenSSL_Id(CRYPTO_THREADID *id)
779 {
780 CRYPTO_THREADID_set_numeric(id, (unsigned long)ThreadId());
781 }
782 #endif
783
784 // Initialization of the lock of OpenSSL
OpenSSL_InitLock()785 void OpenSSL_InitLock()
786 {
787 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
788 UINT i;
789
790 // Initialization of the lock object
791 ssl_lock_num = CRYPTO_num_locks();
792 ssl_lock_obj = Malloc(sizeof(LOCK *) * ssl_lock_num);
793 for (i = 0;i < ssl_lock_num;i++)
794 {
795 ssl_lock_obj[i] = NewLock();
796 }
797
798 // Setting the lock function
799 CRYPTO_set_locking_callback(OpenSSL_Lock);
800 CRYPTO_THREADID_set_callback(OpenSSL_Id);
801 #endif
802 }
803
804 // Release of the lock of OpenSSL
OpenSSL_FreeLock()805 void OpenSSL_FreeLock()
806 {
807 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
808 UINT i;
809
810 for (i = 0;i < ssl_lock_num;i++)
811 {
812 DeleteLock(ssl_lock_obj[i]);
813 }
814 Free(ssl_lock_obj);
815 ssl_lock_obj = NULL;
816
817 CRYPTO_set_locking_callback(NULL);
818 CRYPTO_THREADID_set_callback(NULL);
819 #endif
820 }
821
822 // Lock function for OpenSSL
OpenSSL_Lock(int mode,int n,const char * file,int line)823 void OpenSSL_Lock(int mode, int n, const char *file, int line)
824 {
825 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
826 LOCK *lock = ssl_lock_obj[n];
827
828 if (mode & CRYPTO_LOCK)
829 {
830 // Lock
831 Lock(lock);
832 }
833 else
834 {
835 // Unlock
836 Unlock(lock);
837 }
838 #endif
839 }
840
OpenSSL_Error()841 char *OpenSSL_Error()
842 {
843 return ERR_error_string(ERR_get_error(), NULL);
844 }
845
846 // Get the display name of the certificate
GetPrintNameFromX(wchar_t * str,UINT size,X * x)847 void GetPrintNameFromX(wchar_t *str, UINT size, X *x)
848 {
849 // Validate arguments
850 if (x == NULL || str == NULL)
851 {
852 return;
853 }
854
855 GetPrintNameFromName(str, size, x->subject_name);
856 }
GetPrintNameFromXA(char * str,UINT size,X * x)857 void GetPrintNameFromXA(char *str, UINT size, X *x)
858 {
859 wchar_t tmp[MAX_SIZE];
860 // Validate arguments
861 if (str == NULL || x == NULL)
862 {
863 return;
864 }
865
866 GetPrintNameFromX(tmp, sizeof(tmp), x);
867
868 UniToStr(str, size, tmp);
869 }
870
871 // Get the display name from NAME
GetPrintNameFromName(wchar_t * str,UINT size,NAME * name)872 void GetPrintNameFromName(wchar_t *str, UINT size, NAME *name)
873 {
874 // Validate arguments
875 if (str == NULL || name == NULL)
876 {
877 return;
878 }
879
880 if (name->CommonName != NULL)
881 {
882 UniStrCpy(str, size, name->CommonName);
883 }
884 else if (name->Organization != NULL)
885 {
886 UniStrCpy(str, size, name->Organization);
887 }
888 else if (name->Unit != NULL)
889 {
890 UniStrCpy(str, size, name->Unit);
891 }
892 else if (name->State != NULL)
893 {
894 UniStrCpy(str, size, name->State);
895 }
896 else if (name->Local != NULL)
897 {
898 UniStrCpy(str, size, name->Local);
899 }
900 else if (name->Country != NULL)
901 {
902 UniStrCpy(str, size, name->Country);
903 }
904 else
905 {
906 UniStrCpy(str, size, L"untitled");
907 }
908 }
909
910 // Get all the name strings from the certificate
GetAllNameFromX(wchar_t * str,UINT size,X * x)911 void GetAllNameFromX(wchar_t *str, UINT size, X *x)
912 {
913 UCHAR md5[MD5_SIZE], sha1[SHA1_SIZE];
914 char tmp1[MD5_SIZE * 3 + 8], tmp2[SHA1_SIZE * 3 + 8];
915 wchar_t tmp3[sizeof(tmp1) + sizeof(tmp2) + 64];
916 // Validate arguments
917 if (str == NULL || x == NULL)
918 {
919 return;
920 }
921
922 GetAllNameFromName(str, size, x->subject_name);
923
924 if (x->serial != NULL && x->serial->size >= 1)
925 {
926 char tmp[128];
927 wchar_t tmp2[128];
928
929 BinToStr(tmp, sizeof(tmp), x->serial->data, x->serial->size);
930 UniFormat(tmp2, sizeof(tmp2), L", SERIAL=\"%S\"", tmp);
931
932 UniStrCat(str, size, tmp2);
933 }
934
935 // Digest value
936 GetXDigest(x, md5, false);
937 GetXDigest(x, sha1, true);
938
939 BinToStr(tmp1, sizeof(tmp1), md5, MD5_SIZE);
940 BinToStr(tmp2, sizeof(tmp2), sha1, SHA1_SIZE);
941
942 UniFormat(tmp3, sizeof(tmp3), L" (Digest: MD5=\"%S\", SHA1=\"%S\")", tmp1, tmp2);
943 UniStrCat(str, size, tmp3);
944 }
945
946 // Get the all name strings from NAME
GetAllNameFromName(wchar_t * str,UINT size,NAME * name)947 void GetAllNameFromName(wchar_t *str, UINT size, NAME *name)
948 {
949 UniStrCpy(str, size, L"");
950 // Validate arguments
951 if (str == NULL || name == NULL)
952 {
953 return;
954 }
955
956 if (name->CommonName != NULL)
957 {
958 UniFormat(str, size, L"%sCN=%s, ", str, name->CommonName);
959 }
960 if (name->Organization != NULL)
961 {
962 UniFormat(str, size, L"%sO=%s, ", str, name->Organization);
963 }
964 if (name->Unit != NULL)
965 {
966 UniFormat(str, size, L"%sOU=%s, ", str, name->Unit);
967 }
968 if (name->State != NULL)
969 {
970 UniFormat(str, size, L"%sS=%s, ", str, name->State);
971 }
972 if (name->Local != NULL)
973 {
974 UniFormat(str, size, L"%sL=%s, ", str, name->Local);
975 }
976 if (name->Country != NULL)
977 {
978 UniFormat(str, size, L"%sC=%s, ", str, name->Country);
979 }
980
981 if (UniStrLen(str) >= 3)
982 {
983 UINT len = UniStrLen(str);
984 if (str[len - 2] == L',' &&
985 str[len - 1] == L' ')
986 {
987 str[len - 2] = 0;
988 }
989 }
990 }
GetAllNameFromNameEx(wchar_t * str,UINT size,NAME * name)991 void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name)
992 {
993 // Validate arguments
994 if (str == NULL || name == NULL)
995 {
996 return;
997 }
998
999 UniStrCpy(str, size, L"");
1000 if (name->CommonName != NULL)
1001 {
1002 UniFormat(str, size, L"%s%s, ", str, name->CommonName);
1003 }
1004 if (name->Organization != NULL)
1005 {
1006 UniFormat(str, size, L"%s%s, ", str, name->Organization);
1007 }
1008 if (name->Unit != NULL)
1009 {
1010 UniFormat(str, size, L"%s%s, ", str, name->Unit);
1011 }
1012 if (name->State != NULL)
1013 {
1014 UniFormat(str, size, L"%s%s, ", str, name->State);
1015 }
1016 if (name->Local != NULL)
1017 {
1018 UniFormat(str, size, L"%s%s, ", str, name->Local);
1019 }
1020 if (name->Country != NULL)
1021 {
1022 UniFormat(str, size, L"%s%s, ", str, name->Country);
1023 }
1024
1025 if (UniStrLen(str) >= 3)
1026 {
1027 UINT len = UniStrLen(str);
1028 if (str[len - 2] == L',' &&
1029 str[len - 1] == L' ')
1030 {
1031 str[len - 2] = 0;
1032 }
1033 }
1034 }
1035
1036 // Clone of the key
CloneK(K * k)1037 K *CloneK(K *k)
1038 {
1039 BUF *b;
1040 K *ret;
1041 // Validate arguments
1042 if (k == NULL)
1043 {
1044 return NULL;
1045 }
1046
1047 b = KToBuf(k, false, NULL);
1048 if (b == NULL)
1049 {
1050 return NULL;
1051 }
1052
1053 ret = BufToK(b, k->private_key, false, NULL);
1054 FreeBuf(b);
1055
1056 return ret;
1057 }
1058
1059 // Clone of certificate
CloneX(X * x)1060 X *CloneX(X *x)
1061 {
1062 BUF *b;
1063 X *ret;
1064 // Validate arguments
1065 if (x == NULL)
1066 {
1067 return NULL;
1068 }
1069
1070 b = XToBuf(x, false);
1071 if (b == NULL)
1072 {
1073 return NULL;
1074 }
1075
1076 ret = BufToX(b, false);
1077 FreeBuf(b);
1078
1079 return ret;
1080 }
1081
1082 // Generate a P12
NewP12(X * x,K * k,char * password)1083 P12 *NewP12(X *x, K *k, char *password)
1084 {
1085 PKCS12 *pkcs12;
1086 P12 *p12;
1087 // Validate arguments
1088 if (x == NULL || k == NULL)
1089 {
1090 return false;
1091 }
1092 if (password && StrLen(password) == 0)
1093 {
1094 password = NULL;
1095 }
1096
1097 Lock(openssl_lock);
1098 {
1099 pkcs12 = PKCS12_create(password, NULL, k->pkey, x->x509, NULL, 0, 0, 0, 0, 0);
1100 if (pkcs12 == NULL)
1101 {
1102 Unlock(openssl_lock);
1103 return NULL;
1104 }
1105 }
1106 Unlock(openssl_lock);
1107
1108 p12 = PKCS12ToP12(pkcs12);
1109
1110 return p12;
1111 }
1112
1113 // Check whether the P12 is encrypted
IsEncryptedP12(P12 * p12)1114 bool IsEncryptedP12(P12 *p12)
1115 {
1116 X *x;
1117 K *k;
1118 // Validate arguments
1119 if (p12 == NULL)
1120 {
1121 return false;
1122 }
1123
1124 if (ParseP12(p12, &x, &k, NULL) == true)
1125 {
1126 FreeX(x);
1127 FreeK(k);
1128 return false;
1129 }
1130
1131 return true;
1132 }
1133
1134 // Extract the X and the K from the P12
ParseP12(P12 * p12,X ** x,K ** k,char * password)1135 bool ParseP12(P12 *p12, X **x, K **k, char *password)
1136 {
1137 EVP_PKEY *pkey;
1138 X509 *x509;
1139 // Validate arguments
1140 if (p12 == NULL || x == NULL || k == NULL)
1141 {
1142 return false;
1143 }
1144 if (password && StrLen(password) == 0)
1145 {
1146 password = NULL;
1147 }
1148 if (password == NULL)
1149 {
1150 password = "";
1151 }
1152
1153 // Password confirmation
1154 Lock(openssl_lock);
1155 {
1156 if (PKCS12_verify_mac(p12->pkcs12, password, -1) == false &&
1157 PKCS12_verify_mac(p12->pkcs12, NULL, -1) == false)
1158 {
1159 Unlock(openssl_lock);
1160 return false;
1161 }
1162 }
1163 Unlock(openssl_lock);
1164
1165 // Extraction
1166 Lock(openssl_lock);
1167 {
1168 if (PKCS12_parse(p12->pkcs12, password, &pkey, &x509, NULL) == false)
1169 {
1170 if (PKCS12_parse(p12->pkcs12, NULL, &pkey, &x509, NULL) == false)
1171 {
1172 Unlock(openssl_lock);
1173 return false;
1174 }
1175 }
1176 }
1177 Unlock(openssl_lock);
1178
1179 // Conversion
1180 *x = X509ToX(x509);
1181
1182 if (*x == NULL)
1183 {
1184 FreePKey(pkey);
1185 return false;
1186 }
1187
1188 *k = ZeroMalloc(sizeof(K));
1189 (*k)->private_key = true;
1190 (*k)->pkey = pkey;
1191
1192 return true;
1193 }
1194
1195 // Write the P12 to a file
P12ToFileW(P12 * p12,wchar_t * filename)1196 bool P12ToFileW(P12 *p12, wchar_t *filename)
1197 {
1198 BUF *b;
1199 // Validate arguments
1200 if (p12 == NULL || filename == NULL)
1201 {
1202 return false;
1203 }
1204
1205 b = P12ToBuf(p12);
1206 if (b == NULL)
1207 {
1208 return false;
1209 }
1210
1211 if (DumpBufW(b, filename) == false)
1212 {
1213 FreeBuf(b);
1214 return false;
1215 }
1216
1217 FreeBuf(b);
1218
1219 return true;
1220 }
1221
1222 // Release of P12
FreeP12(P12 * p12)1223 void FreeP12(P12 *p12)
1224 {
1225 // Validate arguments
1226 if (p12 == NULL)
1227 {
1228 return;
1229 }
1230
1231 FreePKCS12(p12->pkcs12);
1232 Free(p12);
1233 }
1234
1235 // Release of PKCS12
FreePKCS12(PKCS12 * pkcs12)1236 void FreePKCS12(PKCS12 *pkcs12)
1237 {
1238 // Validate arguments
1239 if (pkcs12 == NULL)
1240 {
1241 return;
1242 }
1243
1244 PKCS12_free(pkcs12);
1245 }
1246
1247 // Converted the P12 to a BUF
P12ToBuf(P12 * p12)1248 BUF *P12ToBuf(P12 *p12)
1249 {
1250 BIO *bio;
1251 BUF *buf;
1252 // Validate arguments
1253 if (p12 == NULL)
1254 {
1255 return NULL;
1256 }
1257
1258 bio = P12ToBio(p12);
1259 if (bio == NULL)
1260 {
1261 return NULL;
1262 }
1263
1264 buf = BioToBuf(bio);
1265 FreeBio(bio);
1266
1267 SeekBuf(buf, 0, 0);
1268
1269 return buf;
1270 }
1271
1272 // Converted the P12 to a BIO
P12ToBio(P12 * p12)1273 BIO *P12ToBio(P12 *p12)
1274 {
1275 BIO *bio;
1276 // Validate arguments
1277 if (p12 == NULL)
1278 {
1279 return NULL;
1280 }
1281
1282 bio = NewBio();
1283 Lock(openssl_lock);
1284 {
1285 i2d_PKCS12_bio(bio, p12->pkcs12);
1286 }
1287 Unlock(openssl_lock);
1288
1289 return bio;
1290 }
1291
1292 // Read the P12 from the BUF
BufToP12(BUF * b)1293 P12 *BufToP12(BUF *b)
1294 {
1295 P12 *p12;
1296 BIO *bio;
1297 // Validate arguments
1298 if (b == NULL)
1299 {
1300 return NULL;
1301 }
1302
1303 bio = BufToBio(b);
1304 if (bio == NULL)
1305 {
1306 return NULL;
1307 }
1308
1309 p12 = BioToP12(bio);
1310 FreeBio(bio);
1311
1312 return p12;
1313 }
1314
1315 // Read the P12 from the BIO
BioToP12(BIO * bio)1316 P12 *BioToP12(BIO *bio)
1317 {
1318 PKCS12 *pkcs12;
1319 // Validate arguments
1320 if (bio == NULL)
1321 {
1322 return NULL;
1323 }
1324
1325 // Conversion
1326 Lock(openssl_lock);
1327 {
1328 pkcs12 = d2i_PKCS12_bio(bio, NULL);
1329 }
1330 Unlock(openssl_lock);
1331 if (pkcs12 == NULL)
1332 {
1333 // Failure
1334 return NULL;
1335 }
1336
1337 return PKCS12ToP12(pkcs12);
1338 }
1339
1340 // Generate a P12 from a PKCS12
PKCS12ToP12(PKCS12 * pkcs12)1341 P12 *PKCS12ToP12(PKCS12 *pkcs12)
1342 {
1343 P12 *p12;
1344 // Validate arguments
1345 if (pkcs12 == NULL)
1346 {
1347 return NULL;
1348 }
1349
1350 p12 = ZeroMalloc(sizeof(P12));
1351 p12->pkcs12 = pkcs12;
1352
1353 return p12;
1354 }
1355
1356 // Release of X_SERIAL
FreeXSerial(X_SERIAL * serial)1357 void FreeXSerial(X_SERIAL *serial)
1358 {
1359 // Validate arguments
1360 if (serial == NULL)
1361 {
1362 return;
1363 }
1364
1365 Free(serial->data);
1366 Free(serial);
1367 }
1368
1369 // Comparison of X_SERIAL
CompareXSerial(X_SERIAL * s1,X_SERIAL * s2)1370 bool CompareXSerial(X_SERIAL *s1, X_SERIAL *s2)
1371 {
1372 // Validate arguments
1373 if (s1 == NULL || s2 == NULL)
1374 {
1375 return false;
1376 }
1377
1378 if (s1->size != s2->size)
1379 {
1380 return false;
1381 }
1382
1383 if (Cmp(s1->data, s2->data, s1->size) != 0)
1384 {
1385 return false;
1386 }
1387
1388 return true;
1389 }
1390
1391 // Copy of X_SERIAL
CloneXSerial(X_SERIAL * src)1392 X_SERIAL *CloneXSerial(X_SERIAL *src)
1393 {
1394 X_SERIAL *s;
1395 // Validate arguments
1396 if (src == NULL)
1397 {
1398 return NULL;
1399 }
1400
1401 s = ZeroMalloc(sizeof(X_SERIAL));
1402 s->data = ZeroMalloc(src->size);
1403 Copy(s->data, src->data, src->size);
1404 s->size = src->size;
1405
1406 return s;
1407 }
1408
1409 // Initialization of X_SERIAL
NewXSerial(void * data,UINT size)1410 X_SERIAL *NewXSerial(void *data, UINT size)
1411 {
1412 X_SERIAL *serial;
1413 UCHAR *buf = (UCHAR *)data;
1414 UINT i;
1415 // Validate arguments
1416 if (data == NULL || size == 0)
1417 {
1418 return NULL;
1419 }
1420
1421 for (i = 0;i < size;i++)
1422 {
1423 if (buf[i] != 0)
1424 {
1425 break;
1426 }
1427 }
1428 if (i == size)
1429 {
1430 i = size - 1;
1431 }
1432 buf += i;
1433
1434 serial = Malloc(sizeof(X_SERIAL));
1435 serial->size = size - i;
1436 serial->data = ZeroMalloc(size + 16);
1437 Copy(serial->data, buf, size - i);
1438
1439 return serial;
1440 }
1441
1442 // Get the number of days till January 1, 2038
GetDaysUntil2038()1443 UINT GetDaysUntil2038()
1444 {
1445 UINT64 now = SystemTime64();
1446 UINT64 target;
1447 SYSTEMTIME st;
1448
1449 Zero(&st, sizeof(st));
1450 st.wYear = 2038;
1451 st.wMonth = 1;
1452 st.wDay = 1;
1453
1454 target = SystemToUINT64(&st);
1455
1456 if (now >= target)
1457 {
1458 return 0;
1459 }
1460 else
1461 {
1462 return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
1463 }
1464 }
GetDaysUntil2038Ex()1465 UINT GetDaysUntil2038Ex()
1466 {
1467 SYSTEMTIME now;
1468
1469 Zero(&now, sizeof(now));
1470 SystemTime(&now);
1471
1472 if (now.wYear >= 2030)
1473 {
1474 UINT64 now = SystemTime64();
1475 UINT64 target;
1476 SYSTEMTIME st;
1477
1478 Zero(&st, sizeof(st));
1479 st.wYear = 2049;
1480 st.wMonth = 12;
1481 st.wDay = 30;
1482
1483 target = SystemToUINT64(&st);
1484
1485 if (now >= target)
1486 {
1487 return 0;
1488 }
1489 else
1490 {
1491 return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
1492 }
1493 }
1494 else
1495 {
1496 return GetDaysUntil2038();
1497 }
1498 }
1499
1500 // Issue an X509 certificate
NewX(K * pub,K * priv,X * ca,NAME * name,UINT days,X_SERIAL * serial)1501 X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
1502 {
1503 X509 *x509;
1504 X *x;
1505 // Validate arguments
1506 if (pub == NULL || priv == NULL || name == NULL || ca == NULL)
1507 {
1508 return NULL;
1509 }
1510
1511 x509 = NewX509(pub, priv, ca, name, days, serial);
1512 if (x509 == NULL)
1513 {
1514 return NULL;
1515 }
1516
1517 x = X509ToX(x509);
1518
1519 if (x == NULL)
1520 {
1521 return NULL;
1522 }
1523
1524 return x;
1525 }
1526
1527 // Create a root certificate
NewRootX(K * pub,K * priv,NAME * name,UINT days,X_SERIAL * serial)1528 X *NewRootX(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
1529 {
1530 X509 *x509;
1531 X *x, *x2;
1532 // Validate arguments
1533 if (pub == NULL || priv == NULL || name == NULL)
1534 {
1535 return NULL;
1536 }
1537
1538 x509 = NewRootX509(pub, priv, name, days, serial);
1539 if (x509 == NULL)
1540 {
1541 return NULL;
1542 }
1543
1544 x = X509ToX(x509);
1545 if (x == NULL)
1546 {
1547 return NULL;
1548 }
1549
1550 x2 = CloneX(x);
1551 FreeX(x);
1552
1553 return x2;
1554 }
1555
1556 // Create new X509 basic & extended key usage
AddKeyUsageX509(EXTENDED_KEY_USAGE * ex,int nid)1557 void AddKeyUsageX509(EXTENDED_KEY_USAGE *ex, int nid)
1558 {
1559 ASN1_OBJECT *obj;
1560 // Validate arguments
1561 if (ex == NULL)
1562 {
1563 return;
1564 }
1565
1566 obj = OBJ_nid2obj(nid);
1567 if (obj != NULL)
1568 {
1569 sk_ASN1_OBJECT_push(ex, obj);
1570 }
1571 }
NewExtendedKeyUsageForX509()1572 X509_EXTENSION *NewExtendedKeyUsageForX509()
1573 {
1574 EXTENDED_KEY_USAGE *ex = sk_ASN1_OBJECT_new_null();
1575 X509_EXTENSION *ret;
1576
1577 AddKeyUsageX509(ex, NID_server_auth);
1578 AddKeyUsageX509(ex, NID_client_auth);
1579 AddKeyUsageX509(ex, NID_code_sign);
1580 AddKeyUsageX509(ex, NID_email_protect);
1581 AddKeyUsageX509(ex, NID_ipsecEndSystem);
1582 AddKeyUsageX509(ex, NID_ipsecTunnel);
1583 AddKeyUsageX509(ex, NID_ipsecUser);
1584 AddKeyUsageX509(ex, NID_time_stamp);
1585 AddKeyUsageX509(ex, NID_OCSP_sign);
1586
1587 ret = X509V3_EXT_i2d(NID_ext_key_usage, 0, ex);
1588
1589 sk_ASN1_OBJECT_pop_free(ex, ASN1_OBJECT_free);
1590
1591 return ret;
1592 }
BitStringSetBit(ASN1_BIT_STRING * str,int bit)1593 void BitStringSetBit(ASN1_BIT_STRING *str, int bit)
1594 {
1595 // Validate arguments
1596 if (str == NULL)
1597 {
1598 return;
1599 }
1600
1601 ASN1_BIT_STRING_set_bit(str, bit, 1);
1602 }
NewBasicKeyUsageForX509()1603 X509_EXTENSION *NewBasicKeyUsageForX509()
1604 {
1605 X509_EXTENSION *ret = NULL;
1606 ASN1_BIT_STRING *str;
1607
1608 str = ASN1_BIT_STRING_new();
1609 if (str != NULL)
1610 {
1611 BitStringSetBit(str, 0); // KU_DIGITAL_SIGNATURE
1612 BitStringSetBit(str, 1); // KU_NON_REPUDIATION
1613 BitStringSetBit(str, 2); // KU_KEY_ENCIPHERMENT
1614 BitStringSetBit(str, 3); // KU_DATA_ENCIPHERMENT
1615 //BitStringSetBit(str, 4); // KU_KEY_AGREEMENT
1616 BitStringSetBit(str, 5); // KU_KEY_CERT_SIGN
1617 BitStringSetBit(str, 6); // KU_CRL_SIGN
1618
1619 ret = X509V3_EXT_i2d(NID_key_usage, 0, str);
1620
1621 ASN1_BIT_STRING_free(str);
1622 }
1623
1624 return ret;
1625 }
1626
1627 // Issue an X509 certificate
NewX509(K * pub,K * priv,X * ca,NAME * name,UINT days,X_SERIAL * serial)1628 X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
1629 {
1630 X509 *x509;
1631 UINT64 notBefore, notAfter;
1632 const ASN1_TIME *t1, *t2;
1633 X509_NAME *subject_name, *issuer_name;
1634 X509_EXTENSION *ex = NULL;
1635 X509_EXTENSION *eku = NULL;
1636 X509_EXTENSION *busage = NULL;
1637 ASN1_INTEGER *s;
1638 // Validate arguments
1639 if (pub == NULL || name == NULL || ca == NULL)
1640 {
1641 return NULL;
1642 }
1643 if (pub->private_key != false)
1644 {
1645 return NULL;
1646 }
1647 if (priv->private_key == false)
1648 {
1649 return NULL;
1650 }
1651
1652 notBefore = SystemTime64();
1653 notAfter = notBefore + (UINT64)days * (UINT64)3600 * (UINT64)24 * (UINT64)1000;
1654
1655 // Creating a X509
1656 x509 = X509_new();
1657 if (x509 == NULL)
1658 {
1659 return NULL;
1660 }
1661
1662 // Make it a v3 certificate
1663 X509_set_version(x509, 2L);
1664
1665 // Set the Expiration
1666 t1 = X509_get0_notBefore(x509);
1667 t2 = X509_get0_notAfter(x509);
1668 if (!UINT64ToAsn1Time((void *)t1, notBefore))
1669 {
1670 FreeX509(x509);
1671 return NULL;
1672 }
1673 if (!UINT64ToAsn1Time((void *)t2, notAfter))
1674 {
1675 FreeX509(x509);
1676 return NULL;
1677 }
1678
1679 // Set the name
1680 subject_name = NameToX509Name(name);
1681 if (subject_name == NULL)
1682 {
1683 FreeX509(x509);
1684 return NULL;
1685 }
1686 issuer_name = X509_get_subject_name(ca->x509);
1687 if (issuer_name == NULL)
1688 {
1689 FreeX509Name(subject_name);
1690 FreeX509(x509);
1691 return NULL;
1692 }
1693
1694 X509_set_issuer_name(x509, issuer_name);
1695 X509_set_subject_name(x509, subject_name);
1696
1697 FreeX509Name(subject_name);
1698
1699 // Set the Serial Number
1700 s = X509_get_serialNumber(x509);
1701 OPENSSL_free(s->data);
1702 if (serial == NULL)
1703 {
1704 char zero = 0;
1705 s->data = OPENSSL_malloc(sizeof(char));
1706 Copy(s->data, &zero, sizeof(char));
1707 s->length = sizeof(char);
1708 }
1709 else
1710 {
1711 s->data = OPENSSL_malloc(serial->size);
1712 Copy(s->data, serial->data, serial->size);
1713 s->length = serial->size;
1714 }
1715
1716 /*
1717 // Extensions
1718 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
1719 X509_add_ext(x509, ex, -1);
1720 X509_EXTENSION_free(ex);
1721 */
1722
1723 // Basic usage
1724 busage = NewBasicKeyUsageForX509();
1725 if (busage != NULL)
1726 {
1727 X509_add_ext(x509, busage, -1);
1728 X509_EXTENSION_free(busage);
1729 }
1730
1731 // EKU
1732 eku = NewExtendedKeyUsageForX509();
1733 if (eku != NULL)
1734 {
1735 X509_add_ext(x509, eku, -1);
1736 X509_EXTENSION_free(eku);
1737 }
1738
1739 // Alternative subject name
1740 if (UniIsEmptyStr(name->CommonName) == false)
1741 {
1742 char alt_dns[MAX_PATH];
1743
1744 Format(alt_dns, sizeof(alt_dns), "DNS.1:%S", name->CommonName);
1745
1746 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, alt_dns);
1747 X509_add_ext(x509, ex, -1);
1748 X509_EXTENSION_free(ex);
1749 }
1750
1751 Lock(openssl_lock);
1752 {
1753 // Set the public key
1754 X509_set_pubkey(x509, pub->pkey);
1755
1756 // Signature
1757 // 2014.3.19 set the initial digest algorithm to SHA-256
1758 X509_sign(x509, priv->pkey, EVP_sha256());
1759 }
1760 Unlock(openssl_lock);
1761
1762 return x509;
1763 }
1764
1765 // Create an X509 root certificate
NewRootX509(K * pub,K * priv,NAME * name,UINT days,X_SERIAL * serial)1766 X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
1767 {
1768 X509 *x509;
1769 UINT64 notBefore, notAfter;
1770 const ASN1_TIME *t1, *t2;
1771 X509_NAME *subject_name, *issuer_name;
1772 X509_EXTENSION *ex = NULL;
1773 X509_EXTENSION *eku = NULL;
1774 X509_EXTENSION *busage = NULL;
1775 ASN1_INTEGER *s;
1776 // Validate arguments
1777 if (pub == NULL || name == NULL || priv == NULL)
1778 {
1779 return NULL;
1780 }
1781 if (days == 0)
1782 {
1783 days = 365;
1784 }
1785 if (priv->private_key == false)
1786 {
1787 return NULL;
1788 }
1789 if (pub->private_key != false)
1790 {
1791 return NULL;
1792 }
1793
1794 notBefore = SystemTime64();
1795 notAfter = notBefore + (UINT64)days * (UINT64)3600 * (UINT64)24 * (UINT64)1000;
1796
1797 // Creating a X509
1798 x509 = X509_new();
1799 if (x509 == NULL)
1800 {
1801 return NULL;
1802 }
1803
1804 // Make it a v3 certificate
1805 X509_set_version(x509, 2L);
1806
1807 // Set the Expiration
1808 t1 = X509_get0_notBefore(x509);
1809 t2 = X509_get0_notAfter(x509);
1810 if (!UINT64ToAsn1Time((void *)t1, notBefore))
1811 {
1812 FreeX509(x509);
1813 return NULL;
1814 }
1815 if (!UINT64ToAsn1Time((void *)t2, notAfter))
1816 {
1817 FreeX509(x509);
1818 return NULL;
1819 }
1820
1821 // Set the name
1822 subject_name = NameToX509Name(name);
1823 if (subject_name == NULL)
1824 {
1825 FreeX509(x509);
1826 return NULL;
1827 }
1828 issuer_name = NameToX509Name(name);
1829 if (issuer_name == NULL)
1830 {
1831 FreeX509Name(subject_name);
1832 FreeX509(x509);
1833 return NULL;
1834 }
1835
1836 X509_set_issuer_name(x509, issuer_name);
1837 X509_set_subject_name(x509, subject_name);
1838
1839 FreeX509Name(subject_name);
1840 FreeX509Name(issuer_name);
1841
1842 // Set a Serial Number
1843 s = X509_get_serialNumber(x509);
1844 OPENSSL_free(s->data);
1845 if (serial == NULL)
1846 {
1847 char zero = 0;
1848 s->data = OPENSSL_malloc(sizeof(char));
1849 Copy(s->data, &zero, sizeof(char));
1850 s->length = sizeof(char);
1851 }
1852 else
1853 {
1854 s->data = OPENSSL_malloc(serial->size);
1855 Copy(s->data, serial->data, serial->size);
1856 s->length = serial->size;
1857 }
1858
1859 // Extensions
1860 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
1861 X509_add_ext(x509, ex, -1);
1862 X509_EXTENSION_free(ex);
1863
1864 // Basic usage
1865 busage = NewBasicKeyUsageForX509();
1866 if (busage != NULL)
1867 {
1868 X509_add_ext(x509, busage, -1);
1869 X509_EXTENSION_free(busage);
1870 }
1871
1872 // EKU
1873 eku = NewExtendedKeyUsageForX509();
1874 if (eku != NULL)
1875 {
1876 X509_add_ext(x509, eku, -1);
1877 X509_EXTENSION_free(eku);
1878 }
1879
1880 Lock(openssl_lock);
1881 {
1882 // Set the public key
1883 X509_set_pubkey(x509, pub->pkey);
1884
1885 // Signature
1886 // 2014.3.19 set the initial digest algorithm to SHA-256
1887 X509_sign(x509, priv->pkey, EVP_sha256());
1888 }
1889 Unlock(openssl_lock);
1890
1891 return x509;
1892 }
1893
1894 // Convert the NAMEto a X509_NAME
NameToX509Name(NAME * nm)1895 void *NameToX509Name(NAME *nm)
1896 {
1897 X509_NAME *xn;
1898 // Validate arguments
1899 if (nm == NULL)
1900 {
1901 return NULL;
1902 }
1903
1904 xn = X509_NAME_new();
1905 if (xn == NULL)
1906 {
1907 return NULL;
1908 }
1909
1910 // Add the entries
1911 AddX509Name(xn, NID_commonName, nm->CommonName);
1912 AddX509Name(xn, NID_organizationName, nm->Organization);
1913 AddX509Name(xn, NID_organizationalUnitName, nm->Unit);
1914 AddX509Name(xn, NID_countryName, nm->Country);
1915 AddX509Name(xn, NID_stateOrProvinceName, nm->State);
1916 AddX509Name(xn, NID_localityName, nm->Local);
1917
1918 return xn;
1919 }
1920
1921 // Add an entry to the X509_NAME
AddX509Name(void * xn,int nid,wchar_t * str)1922 bool AddX509Name(void *xn, int nid, wchar_t *str)
1923 {
1924 X509_NAME *x509_name;
1925 UINT utf8_size;
1926 BYTE *utf8;
1927 int encoding_type = MBSTRING_ASC;
1928 // Validate arguments
1929 if (xn == NULL || str == NULL)
1930 {
1931 return false;
1932 }
1933
1934 // Convert to UTF-8
1935 utf8_size = CalcUniToUtf8(str);
1936 if (utf8_size == 0)
1937 {
1938 return false;
1939 }
1940 utf8 = ZeroMalloc(utf8_size + 1);
1941 UniToUtf8(utf8, utf8_size, str);
1942 utf8[utf8_size] = 0;
1943
1944 if (StrLen(utf8) != UniStrLen(str))
1945 {
1946 encoding_type = MBSTRING_UTF8;
1947 }
1948
1949 // Adding
1950 x509_name = (X509_NAME *)xn;
1951 Lock(openssl_lock);
1952 {
1953 X509_NAME_add_entry_by_NID(x509_name, nid, encoding_type, utf8, utf8_size, -1, 0);
1954 }
1955 Unlock(openssl_lock);
1956 Free(utf8);
1957
1958 return true;
1959 }
1960
1961 // Release the X509_NAME
FreeX509Name(void * xn)1962 void FreeX509Name(void *xn)
1963 {
1964 X509_NAME *x509_name;
1965 // Validate arguments
1966 if (xn == NULL)
1967 {
1968 return;
1969 }
1970
1971 x509_name = (X509_NAME *)xn;
1972 X509_NAME_free(x509_name);
1973 }
1974
1975 // Creating the NAME
NewName(wchar_t * common_name,wchar_t * organization,wchar_t * unit,wchar_t * country,wchar_t * state,wchar_t * local)1976 NAME *NewName(wchar_t *common_name, wchar_t *organization, wchar_t *unit,
1977 wchar_t *country, wchar_t *state, wchar_t *local)
1978 {
1979 NAME *nm = ZeroMalloc(sizeof(NAME));
1980
1981 if (UniIsEmptyStr(common_name) == false)
1982 {
1983 nm->CommonName = CopyUniStr(common_name);
1984 }
1985
1986 if (UniIsEmptyStr(organization) == false)
1987 {
1988 nm->Organization = CopyUniStr(organization);
1989 }
1990
1991 if (UniIsEmptyStr(unit) == false)
1992 {
1993 nm->Unit = CopyUniStr(unit);
1994 }
1995
1996 if (UniIsEmptyStr(country) == false)
1997 {
1998 nm->Country = CopyUniStr(country);
1999 }
2000
2001 if (UniIsEmptyStr(state) == false)
2002 {
2003 nm->State = CopyUniStr(state);
2004 }
2005
2006 if (UniIsEmptyStr(local) == false)
2007 {
2008 nm->Local = CopyUniStr(local);
2009 }
2010
2011 return nm;
2012 }
2013
2014 // Check the expiration date of the certificate by the current time
CheckXDateNow(X * x)2015 bool CheckXDateNow(X *x)
2016 {
2017 // Validate arguments
2018 if (x == NULL)
2019 {
2020 return false;
2021 }
2022
2023 return CheckXDate(x, SystemTime64());
2024 }
2025
2026 // Check the expiration date of the certificate
CheckXDate(X * x,UINT64 current_system_time)2027 bool CheckXDate(X *x, UINT64 current_system_time)
2028 {
2029 // Validate arguments
2030 if (x == NULL)
2031 {
2032 return false;
2033 }
2034
2035 if (x->notBefore >= current_system_time || x->notAfter <= current_system_time)
2036 {
2037 return false;
2038 }
2039 return true;
2040 }
2041
2042 // Read the expiration date of the certificate
LoadXDates(X * x)2043 void LoadXDates(X *x)
2044 {
2045 // Validate arguments
2046 if (x == NULL)
2047 {
2048 return;
2049 }
2050
2051 x->notBefore = Asn1TimeToUINT64((ASN1_TIME *)X509_get0_notBefore(x->x509));
2052 x->notAfter = Asn1TimeToUINT64((ASN1_TIME *)X509_get0_notAfter(x->x509));
2053 }
2054
2055 // Convert the 64bit system time to ASN1 time
UINT64ToAsn1Time(void * asn1_time,UINT64 t)2056 bool UINT64ToAsn1Time(void *asn1_time, UINT64 t)
2057 {
2058 SYSTEMTIME st;
2059 // Validate arguments
2060 if (asn1_time == NULL)
2061 {
2062 return false;
2063 }
2064
2065 UINT64ToSystem(&st, t);
2066 return SystemToAsn1Time(asn1_time, &st);
2067 }
2068
2069 // Convert the system time to the ASN1 time
SystemToAsn1Time(void * asn1_time,SYSTEMTIME * s)2070 bool SystemToAsn1Time(void *asn1_time, SYSTEMTIME *s)
2071 {
2072 char tmp[20];
2073 ASN1_TIME *t;
2074 // Validate arguments
2075 if (asn1_time == NULL || s == NULL)
2076 {
2077 return false;
2078 }
2079
2080 if (SystemToStr(tmp, sizeof(tmp), s) == false)
2081 {
2082 return false;
2083 }
2084 t = (ASN1_TIME *)asn1_time;
2085 if (t->data == NULL || t->length < sizeof(tmp))
2086 {
2087 t->data = OPENSSL_malloc(sizeof(tmp));
2088 }
2089 StrCpy((char *)t->data, t->length, tmp);
2090 t->length = StrLen(tmp);
2091 t->type = V_ASN1_UTCTIME;
2092
2093 return true;
2094 }
2095
2096 // Convert the system time to a string
SystemToStr(char * str,UINT size,SYSTEMTIME * s)2097 bool SystemToStr(char *str, UINT size, SYSTEMTIME *s)
2098 {
2099 // Validate arguments
2100 if (str == NULL || s == NULL)
2101 {
2102 return false;
2103 }
2104
2105 Format(str, size, "%02u%02u%02u%02u%02u%02uZ",
2106 s->wYear % 100, s->wMonth, s->wDay,
2107 s->wHour, s->wMinute, s->wSecond);
2108
2109 return true;
2110 }
2111
2112 // Convert an ASN1 time to an UINT64 time
Asn1TimeToUINT64(void * asn1_time)2113 UINT64 Asn1TimeToUINT64(void *asn1_time)
2114 {
2115 SYSTEMTIME st;
2116 // Validate arguments
2117 if (asn1_time == NULL)
2118 {
2119 return 0;
2120 }
2121
2122 if (Asn1TimeToSystem(&st, asn1_time) == false)
2123 {
2124 return 0;
2125 }
2126 return SystemToUINT64(&st);
2127 }
2128
2129 // Converted an ASN1 time to a system time
Asn1TimeToSystem(SYSTEMTIME * s,void * asn1_time)2130 bool Asn1TimeToSystem(SYSTEMTIME *s, void *asn1_time)
2131 {
2132 ASN1_TIME *t;
2133 // Validate arguments
2134 if (s == NULL || asn1_time == NULL)
2135 {
2136 return false;
2137 }
2138
2139 t = (ASN1_TIME *)asn1_time;
2140 if (StrToSystem(s, (char *)t->data) == false)
2141 {
2142 return false;
2143 }
2144
2145 if (t->type == V_ASN1_GENERALIZEDTIME)
2146 {
2147 LocalToSystem(s, s);
2148 }
2149
2150 return true;
2151 }
2152
2153 // Convert the string to the system time
StrToSystem(SYSTEMTIME * s,char * str)2154 bool StrToSystem(SYSTEMTIME *s, char *str)
2155 {
2156 char century[3] = {0, 0, 0};
2157 bool fourdigityear = false;
2158
2159 // Validate arguments
2160 if (s == NULL || str == NULL)
2161 {
2162 return false;
2163 }
2164 if (StrLen(str) != 13)
2165 {
2166 if (StrLen(str) != 15)
2167 {
2168 return false;
2169 }
2170
2171 // Year has 4 digits - save first two and use the rest
2172 // as if it had two digits
2173 fourdigityear = true;
2174 century[0] = str[0];
2175 century[1] = str[1];
2176 str += 2;
2177 }
2178 if (str[12] != 'Z')
2179 {
2180 return false;
2181 }
2182
2183 // Conversion
2184 {
2185 char year[3] = {str[0], str[1], 0},
2186 month[3] = {str[2], str[3], 0},
2187 day[3] = {str[4], str[5], 0},
2188 hour[3] = {str[6], str[7], 0},
2189 minute[3] = {str[8], str[9], 0},
2190 second[3] = {str[10], str[11], 0};
2191 Zero(s, sizeof(SYSTEMTIME));
2192 s->wYear = ToInt(year);
2193 if (fourdigityear)
2194 {
2195 s->wYear += ToInt(century) * 100;
2196 }
2197 else if (s->wYear >= 60)
2198 {
2199 s->wYear += 1900;
2200 }
2201 else
2202 {
2203 s->wYear += 2000;
2204 }
2205 s->wMonth = ToInt(month);
2206 s->wDay = ToInt(day);
2207 s->wHour = ToInt(hour);
2208 s->wMinute = ToInt(minute);
2209 s->wSecond = ToInt(second);
2210 NormalizeSystem(s);
2211 }
2212
2213 return true;
2214 }
2215
2216 // Verify the RSA signature
RsaVerify(void * data,UINT data_size,void * sign,K * k)2217 bool RsaVerify(void *data, UINT data_size, void *sign, K *k)
2218 {
2219 return RsaVerifyEx(data, data_size, sign, k, 0);
2220 }
2221
RsaVerifyEx(void * data,UINT data_size,void * sign,K * k,UINT bits)2222 bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
2223 {
2224 UCHAR hash_data[SIGN_HASH_SIZE];
2225 UCHAR *decrypt_data;
2226 RSA *rsa;
2227 UINT rsa_size;
2228 // Validate arguments
2229 if (data == NULL || sign == NULL || k == NULL || k->private_key != false)
2230 {
2231 return false;
2232 }
2233 if (bits == 0)
2234 {
2235 bits = RSA_KEY_SIZE;
2236 }
2237
2238 rsa = EVP_PKEY_get0_RSA(k->pkey);
2239 if (rsa == NULL)
2240 {
2241 return false;
2242 }
2243
2244 // Hash the data
2245 if (HashForSign(hash_data, sizeof(hash_data), data, data_size) == false)
2246 {
2247 return false;
2248 }
2249
2250 rsa_size = RSA_size(rsa);
2251 rsa_size = MAX(rsa_size, 1024); // For just in case
2252 decrypt_data = ZeroMalloc(rsa_size);
2253
2254 // Decode the signature
2255 if (RSA_public_decrypt(bits / 8, sign, decrypt_data, rsa, RSA_PKCS1_PADDING) <= 0)
2256 {
2257 Free(decrypt_data);
2258 return false;
2259 }
2260
2261 // Comparison
2262 if (Cmp(decrypt_data, hash_data, SIGN_HASH_SIZE) != 0)
2263 {
2264 Free(decrypt_data);
2265 return false;
2266 }
2267
2268 Free(decrypt_data);
2269
2270 return true;
2271 }
2272
2273 // RSA signature
RsaSign(void * dst,void * src,UINT size,K * k)2274 bool RsaSign(void *dst, void *src, UINT size, K *k)
2275 {
2276 return RsaSignEx(dst, src, size, k, 0);
2277 }
RsaSignEx(void * dst,void * src,UINT size,K * k,UINT bits)2278 bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
2279 {
2280 UCHAR hash[SIGN_HASH_SIZE];
2281 // Validate arguments
2282 if (dst == NULL || src == NULL || k == NULL || EVP_PKEY_base_id(k->pkey) != EVP_PKEY_RSA)
2283 {
2284 return false;
2285 }
2286 if (bits == 0)
2287 {
2288 bits = RSA_KEY_SIZE;
2289 }
2290
2291 Zero(dst, bits / 8);
2292
2293 // Hash
2294 if (HashForSign(hash, sizeof(hash), src, size) == false)
2295 {
2296 return false;
2297 }
2298
2299 // Signature
2300 if (RSA_private_encrypt(sizeof(hash), hash, dst, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
2301 {
2302 return false;
2303 }
2304
2305 return true;
2306 }
2307
2308 // Generation of signature data by SHA-1
HashForSign(void * dst,UINT dst_size,void * src,UINT src_size)2309 bool HashForSign(void *dst, UINT dst_size, void *src, UINT src_size)
2310 {
2311 UCHAR *buf = (UCHAR *)dst;
2312 UCHAR sign_data[] =
2313 {
2314 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E,
2315 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14,
2316 };
2317 // Validate arguments
2318 if (dst == NULL || src == NULL || src_size == 0 || MIN_SIGN_HASH_SIZE > dst_size)
2319 {
2320 return false;
2321 }
2322
2323 // Header part
2324 Copy(buf, sign_data, sizeof(sign_data));
2325
2326 // Hash
2327 Sha1(HASHED_DATA(buf), src, src_size);
2328
2329 return true;
2330 }
2331
2332 // RSA operating environment check
RsaCheckEx()2333 bool RsaCheckEx()
2334 {
2335 UINT num = 20;
2336 UINT i;
2337
2338 for (i = 0;i < num;i++)
2339 {
2340 if (RsaCheck())
2341 {
2342 return true;
2343 }
2344
2345 SleepThread(100);
2346 }
2347
2348 return false;
2349 }
RsaCheck()2350 bool RsaCheck()
2351 {
2352 int ret = 0;
2353 RSA *rsa = NULL;
2354 BIGNUM *e = NULL;
2355 K *priv_key, *pub_key;
2356 BIO *bio;
2357 char errbuf[MAX_SIZE];
2358 UINT size = 0;
2359 UINT bit = RSA_KEY_SIZE;
2360
2361 e = BN_new();
2362 ret = BN_set_word(e, RSA_F4);
2363 if (ret == 0)
2364 {
2365 BN_free(e);
2366 Debug("BN_set_word: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
2367 return false;
2368 }
2369
2370 // Key generation
2371 Lock(openssl_lock);
2372 {
2373 rsa = RSA_new();
2374 ret = RSA_generate_key_ex(rsa, bit, e, NULL);
2375 BN_free(e);
2376 }
2377 Unlock(openssl_lock);
2378 if (ret == 0)
2379 {
2380 Debug("RSA_generate_key_ex: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
2381 return false;
2382 }
2383
2384 // Secret key
2385 bio = NewBio();
2386 Lock(openssl_lock);
2387 {
2388 i2d_RSAPrivateKey_bio(bio, rsa);
2389 }
2390 Unlock(openssl_lock);
2391 BIO_seek(bio, 0);
2392 priv_key = BioToK(bio, true, false, NULL);
2393 FreeBio(bio);
2394
2395 // Public key
2396 bio = NewBio();
2397 Lock(openssl_lock);
2398 {
2399 i2d_RSA_PUBKEY_bio(bio, rsa);
2400 }
2401 Unlock(openssl_lock);
2402 BIO_seek(bio, 0);
2403 pub_key = BioToK(bio, false, false, NULL);
2404 FreeBio(bio);
2405
2406 RSA_free(rsa);
2407
2408 size = RsaPublicSize(pub_key);
2409
2410 if (size != ((bit + 7) / 8))
2411 {
2412 FreeK(priv_key);
2413 FreeK(pub_key);
2414
2415 return false;
2416 }
2417
2418 FreeK(priv_key);
2419 FreeK(pub_key);
2420
2421 return true;
2422 }
2423
2424 // Generation of RSA key
RsaGen(K ** priv,K ** pub,UINT bit)2425 bool RsaGen(K **priv, K **pub, UINT bit)
2426 {
2427 int ret = 0;
2428 RSA *rsa = NULL;
2429 BIGNUM *e = NULL;
2430 K *priv_key, *pub_key;
2431 BIO *bio;
2432 char errbuf[MAX_SIZE];
2433 UINT size = 0;
2434 // Validate arguments
2435 if (priv == NULL || pub == NULL)
2436 {
2437 return false;
2438 }
2439 if (bit == 0)
2440 {
2441 bit = RSA_KEY_SIZE;
2442 }
2443
2444 e = BN_new();
2445 ret = BN_set_word(e, RSA_F4);
2446 if (ret == 0)
2447 {
2448 BN_free(e);
2449 Debug("BN_set_word: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
2450 return false;
2451 }
2452
2453 // Key generation
2454 Lock(openssl_lock);
2455 {
2456 rsa = RSA_new();
2457 ret = RSA_generate_key_ex(rsa, bit, e, NULL);
2458 BN_free(e);
2459 }
2460 Unlock(openssl_lock);
2461 if (ret == 0)
2462 {
2463 Debug("RSA_generate_key_ex: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
2464 return false;
2465 }
2466
2467 // Secret key
2468 bio = NewBio();
2469 Lock(openssl_lock);
2470 {
2471 i2d_RSAPrivateKey_bio(bio, rsa);
2472 }
2473 Unlock(openssl_lock);
2474 BIO_seek(bio, 0);
2475 priv_key = BioToK(bio, true, false, NULL);
2476 FreeBio(bio);
2477
2478 // Public key
2479 bio = NewBio();
2480 Lock(openssl_lock);
2481 {
2482 i2d_RSA_PUBKEY_bio(bio, rsa);
2483 }
2484 Unlock(openssl_lock);
2485 BIO_seek(bio, 0);
2486 pub_key = BioToK(bio, false, false, NULL);
2487 FreeBio(bio);
2488
2489 *priv = priv_key;
2490 *pub = pub_key;
2491
2492 RSA_free(rsa);
2493
2494 size = RsaPublicSize(*pub);
2495
2496 if (size != ((bit + 7) / 8))
2497 {
2498 FreeK(*priv);
2499 FreeK(*pub);
2500
2501 return RsaGen(priv, pub, bit);
2502 }
2503
2504 return true;
2505 }
2506
2507 // Confirm whether the certificate X is signed by the issuer of the certificate x_issuer
CheckXEx(X * x,X * x_issuer,bool check_name,bool check_date)2508 bool CheckXEx(X *x, X *x_issuer, bool check_name, bool check_date)
2509 {
2510 K *k;
2511 bool ret;
2512 // Validate arguments
2513 if (x == NULL || x_issuer == NULL)
2514 {
2515 return false;
2516 }
2517
2518 k = GetKFromX(x_issuer);
2519 if (k == NULL)
2520 {
2521 return false;
2522 }
2523
2524 ret = CheckSignature(x, k);
2525
2526 if (ret)
2527 {
2528 if (check_name)
2529 {
2530 if (CompareName(x->issuer_name, x_issuer->subject_name) == false)
2531 {
2532 ret = false;
2533 }
2534 }
2535
2536 if (check_date)
2537 {
2538 if (CheckXDateNow(x_issuer) == false)
2539 {
2540 ret = false;
2541 }
2542 }
2543 }
2544
2545 FreeK(k);
2546
2547 return ret;
2548 }
2549
2550 // Confirm the signature of the certificate X with the public key K
CheckSignature(X * x,K * k)2551 bool CheckSignature(X *x, K *k)
2552 {
2553 // Validate arguments
2554 if (x == NULL || k == NULL)
2555 {
2556 return false;
2557 }
2558
2559 Lock(openssl_lock);
2560 {
2561 if (X509_verify(x->x509, k->pkey) == 0)
2562 {
2563 Unlock(openssl_lock);
2564 return false;
2565 }
2566 }
2567 Unlock(openssl_lock);
2568 return true;
2569 }
2570
2571 // Get the public key from the certificate
GetKFromX(X * x)2572 K *GetKFromX(X *x)
2573 {
2574 EVP_PKEY *pkey;
2575 K *k;
2576 // Validate arguments
2577 if (x == NULL)
2578 {
2579 return NULL;
2580 }
2581
2582 Lock(openssl_lock);
2583 {
2584 pkey = X509_get_pubkey(x->x509);
2585 }
2586 Unlock(openssl_lock);
2587 if (pkey == NULL)
2588 {
2589 return NULL;
2590 }
2591
2592 k = ZeroMalloc(sizeof(K));
2593 k->pkey = pkey;
2594
2595 return k;
2596 }
2597
2598 // The name comparison
CompareName(NAME * n1,NAME * n2)2599 bool CompareName(NAME *n1, NAME *n2)
2600 {
2601 // Validate arguments
2602 if (n1 == NULL || n2 == NULL)
2603 {
2604 return false;
2605 }
2606
2607 // Name comparison
2608 if (UniStrCmpi(n1->CommonName, n2->CommonName) == 0 &&
2609 UniStrCmpi(n1->Organization, n2->Organization) == 0 &&
2610 UniStrCmpi(n1->Unit, n2->Unit) == 0 &&
2611 UniStrCmpi(n1->Country, n2->Country) == 0 &&
2612 UniStrCmpi(n1->State, n2->State) == 0 &&
2613 UniStrCmpi(n1->Local, n2->Local) == 0)
2614 {
2615 return true;
2616 }
2617
2618 return false;
2619 }
2620
2621 // Release the name of the X
FreeXNames(X * x)2622 void FreeXNames(X *x)
2623 {
2624 // Validate arguments
2625 if (x == NULL)
2626 {
2627 return;
2628 }
2629
2630 FreeName(x->issuer_name);
2631 x->issuer_name = NULL;
2632
2633 FreeName(x->subject_name);
2634 x->subject_name = NULL;
2635 }
2636
2637 // Release the name
FreeName(NAME * n)2638 void FreeName(NAME *n)
2639 {
2640 // Validate arguments
2641 if (n == NULL)
2642 {
2643 return;
2644 }
2645
2646 // Release the string
2647 Free(n->CommonName);
2648 Free(n->Organization);
2649 Free(n->Unit);
2650 Free(n->Country);
2651 Free(n->State);
2652 Free(n->Local);
2653
2654 // Release the object
2655 Free(n);
2656
2657 return;
2658 }
2659
2660 // Get the name of the certificate
LoadXNames(X * x)2661 void LoadXNames(X *x)
2662 {
2663 X509 *x509;
2664 // Validate arguments
2665 if (x == NULL)
2666 {
2667 return;
2668 }
2669
2670 x509 = x->x509;
2671 x->issuer_name = X509NameToName(X509_get_issuer_name(x509));
2672 x->subject_name = X509NameToName(X509_get_subject_name(x509));
2673 }
2674
2675 // Convert the X509_NAME structure to the NAME structure
X509NameToName(void * xn)2676 NAME *X509NameToName(void *xn)
2677 {
2678 NAME *n;
2679 // Validate arguments
2680 if (xn == NULL)
2681 {
2682 return NULL;
2683 }
2684
2685 n = ZeroMalloc(sizeof(NAME));
2686
2687 // Get the strings one by one
2688 n->CommonName = GetUniStrFromX509Name(xn, NID_commonName);
2689 n->Organization = GetUniStrFromX509Name(xn, NID_organizationName);
2690 n->Unit = GetUniStrFromX509Name(xn, NID_organizationalUnitName);
2691 n->Country = GetUniStrFromX509Name(xn, NID_countryName);
2692 n->State = GetUniStrFromX509Name(xn, NID_stateOrProvinceName);
2693 n->Local = GetUniStrFromX509Name(xn, NID_localityName);
2694
2695 return n;
2696 }
2697
2698 // Read a Unicode string from the X509_NAME structure
GetUniStrFromX509Name(void * xn,int nid)2699 wchar_t *GetUniStrFromX509Name(void *xn, int nid)
2700 {
2701 UCHAR txt[1024];
2702 bool b = false;
2703 UINT i, size;
2704 int index;
2705 bool unicode = false;
2706 bool is_utf_8 = false;
2707 ASN1_OBJECT *obj;
2708 ASN1_STRING *data;
2709 // Validate arguments
2710 if (xn == NULL || nid == 0)
2711 {
2712 return NULL;
2713 }
2714
2715 Zero(txt, sizeof(txt));
2716 if (X509_NAME_get_text_by_NID(xn, nid, (char *)txt, sizeof(txt) - 2) <= 0)
2717 {
2718 return NULL;
2719 }
2720
2721 obj = OBJ_nid2obj(nid);
2722 if (obj == NULL)
2723 {
2724 return NULL;
2725 }
2726 index = X509_NAME_get_index_by_OBJ(xn, obj, -1);
2727 if (index < 0)
2728 {
2729 return NULL;
2730 }
2731 data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(xn, index));
2732 if (data == NULL)
2733 {
2734 return NULL;
2735 }
2736 if (data->type == V_ASN1_BMPSTRING)
2737 {
2738 unicode = true;
2739 }
2740 if (data->type == V_ASN1_UTF8STRING || data->type == V_ASN1_T61STRING)
2741 {
2742 is_utf_8 = true;
2743 }
2744
2745 size = UniStrLen((wchar_t *)txt) * 4 + 8;
2746 for (i = 0;i < size;i++)
2747 {
2748 if (txt[i] >= 0x80)
2749 {
2750 unicode = true;
2751 break;
2752 }
2753 }
2754
2755 if (is_utf_8)
2756 {
2757 wchar_t *ret;
2758 UINT ret_size;
2759
2760 ret_size = CalcUtf8ToUni(txt, StrLen(txt));
2761 ret = ZeroMalloc(ret_size + 8);
2762 Utf8ToUni(ret, ret_size, txt, StrLen(txt));
2763
2764 return ret;
2765 }
2766 else if (unicode == false)
2767 {
2768 wchar_t tmp[1024];
2769 StrToUni(tmp, sizeof(tmp), (char *)txt);
2770 return CopyUniStr(tmp);
2771 }
2772 else
2773 {
2774 EndianUnicode((wchar_t *)txt);
2775 return CopyUniStr((wchar_t *)txt);
2776 }
2777 }
2778
2779 // Check whether the certificate x1 equal to x2
CompareX(X * x1,X * x2)2780 bool CompareX(X *x1, X *x2)
2781 {
2782 // Validate arguments
2783 if (x1 == NULL || x2 == NULL)
2784 {
2785 return false;
2786 }
2787
2788 Lock(openssl_lock);
2789 if (X509_cmp(x1->x509, x2->x509) == 0)
2790 {
2791 Unlock(openssl_lock);
2792 return true;
2793 }
2794 else
2795 {
2796 Unlock(openssl_lock);
2797 return false;
2798 }
2799 }
2800
2801 // Check whether K is private key of X
CheckXandK(X * x,K * k)2802 bool CheckXandK(X *x, K *k)
2803 {
2804 // Validate arguments
2805 if (x == NULL || k == NULL)
2806 {
2807 return false;
2808 }
2809
2810 Lock(openssl_lock);
2811 if (X509_check_private_key(x->x509, k->pkey) != 0)
2812 {
2813 Unlock(openssl_lock);
2814 return true;
2815 }
2816 else
2817 {
2818 Unlock(openssl_lock);
2819 return false;
2820 }
2821 }
2822
2823 // Read a X from the file
FileToX(char * filename)2824 X *FileToX(char *filename)
2825 {
2826 wchar_t *filename_w = CopyStrToUni(filename);
2827 X *ret = FileToXW(filename_w);
2828
2829 Free(filename_w);
2830
2831 return ret;
2832 }
FileToXW(wchar_t * filename)2833 X *FileToXW(wchar_t *filename)
2834 {
2835 bool text;
2836 BUF *b;
2837 X *x;
2838 // Validate arguments
2839 if (filename == NULL)
2840 {
2841 return NULL;
2842 }
2843
2844 b = ReadDumpW(filename);
2845 text = IsBase64(b);
2846
2847 x = BufToX(b, text);
2848 FreeBuf(b);
2849
2850 return x;
2851 }
2852
2853 // Write the X to a file
XToFile(X * x,char * filename,bool text)2854 bool XToFile(X *x, char *filename, bool text)
2855 {
2856 wchar_t *filename_w = CopyStrToUni(filename);
2857 bool ret = XToFileW(x, filename_w, text);
2858
2859 Free(filename_w);
2860
2861 return ret;
2862 }
XToFileW(X * x,wchar_t * filename,bool text)2863 bool XToFileW(X *x, wchar_t *filename, bool text)
2864 {
2865 BUF *b;
2866 bool ret;
2867 // Validate arguments
2868 if (x == NULL || filename == NULL)
2869 {
2870 return false;
2871 }
2872
2873 b = XToBuf(x, text);
2874 if (b == NULL)
2875 {
2876 return false;
2877 }
2878
2879 ret = DumpBufW(b, filename);
2880 FreeBuf(b);
2881
2882 return ret;
2883 }
2884
2885 // Read a K from the file
FileToKW(wchar_t * filename,bool private_key,char * password)2886 K *FileToKW(wchar_t *filename, bool private_key, char *password)
2887 {
2888 bool text;
2889 BUF *b;
2890 K *k;
2891 // Validate arguments
2892 if (filename == NULL)
2893 {
2894 return NULL;
2895 }
2896
2897 b = ReadDumpW(filename);
2898 if (b == NULL)
2899 {
2900 return NULL;
2901 }
2902
2903 text = IsBase64(b);
2904 if (text == false)
2905 {
2906 k = BufToK(b, private_key, false, NULL);
2907 }
2908 else
2909 {
2910 k = BufToK(b, private_key, true, NULL);
2911 if (k == NULL)
2912 {
2913 k = BufToK(b, private_key, true, password);
2914 }
2915 }
2916
2917 FreeBuf(b);
2918
2919 return k;
2920 }
2921
2922 // Save the K to a file
KToFileW(K * k,wchar_t * filename,bool text,char * password)2923 bool KToFileW(K *k, wchar_t *filename, bool text, char *password)
2924 {
2925 BUF *b;
2926 bool ret;
2927 // Validate arguments
2928 if (k == NULL || filename == NULL)
2929 {
2930 return false;
2931 }
2932
2933 b = KToBuf(k, text, password);
2934 if (b == NULL)
2935 {
2936 return false;
2937 }
2938
2939 ret = DumpBufW(b, filename);
2940 FreeBuf(b);
2941
2942 return ret;
2943 }
2944
2945 // Convert the K to the BUF
KToBuf(K * k,bool text,char * password)2946 BUF *KToBuf(K *k, bool text, char *password)
2947 {
2948 BUF *buf;
2949 BIO *bio;
2950 // Validate arguments
2951 if (k == NULL)
2952 {
2953 return NULL;
2954 }
2955
2956 bio = KToBio(k, text, password);
2957 if (bio == NULL)
2958 {
2959 return NULL;
2960 }
2961
2962 buf = BioToBuf(bio);
2963 FreeBio(bio);
2964
2965 SeekBuf(buf, 0, 0);
2966
2967 return buf;
2968 }
2969
2970 // Convert the K to the BIO
KToBio(K * k,bool text,char * password)2971 BIO *KToBio(K *k, bool text, char *password)
2972 {
2973 BIO *bio;
2974 // Validate arguments
2975 if (k == NULL)
2976 {
2977 return NULL;
2978 }
2979
2980 bio = NewBio();
2981
2982 if (k->private_key)
2983 {
2984 // Secret key
2985 if (text == false)
2986 {
2987 // Binary format
2988 Lock(openssl_lock);
2989 {
2990 i2d_PrivateKey_bio(bio, k->pkey);
2991 }
2992 Unlock(openssl_lock);
2993 }
2994 else
2995 {
2996 // Text format
2997 if (password == 0 || StrLen(password) == 0)
2998 {
2999 // No encryption
3000 Lock(openssl_lock);
3001 {
3002 PEM_write_bio_PrivateKey(bio, k->pkey, NULL, NULL, 0, NULL, NULL);
3003 }
3004 Unlock(openssl_lock);
3005 }
3006 else
3007 {
3008 // Encrypt
3009 CB_PARAM cb;
3010 cb.password = password;
3011 Lock(openssl_lock);
3012 {
3013 PEM_write_bio_PrivateKey(bio, k->pkey, EVP_des_ede3_cbc(),
3014 NULL, 0, (pem_password_cb *)PKeyPasswordCallbackFunction, &cb);
3015 }
3016 Unlock(openssl_lock);
3017 }
3018 }
3019 }
3020 else
3021 {
3022 // Public key
3023 if (text == false)
3024 {
3025 // Binary format
3026 Lock(openssl_lock);
3027 {
3028 i2d_PUBKEY_bio(bio, k->pkey);
3029 }
3030 Unlock(openssl_lock);
3031 }
3032 else
3033 {
3034 // Text format
3035 Lock(openssl_lock);
3036 {
3037 PEM_write_bio_PUBKEY(bio, k->pkey);
3038 }
3039 Unlock(openssl_lock);
3040 }
3041 }
3042
3043 return bio;
3044 }
3045
3046 // Check whether the BUF is encoded as the Base64
IsBase64(BUF * b)3047 bool IsBase64(BUF *b)
3048 {
3049 UINT i;
3050 // Validate arguments
3051 if (b == NULL)
3052 {
3053 return false;
3054 }
3055
3056 if (SearchAsciiInBinary(b->Buf, b->Size, "-----BEGIN", false) != INFINITE)
3057 {
3058 return true;
3059 }
3060
3061 for (i = 0;i < b->Size;i++)
3062 {
3063 char c = ((char *)b->Buf)[i];
3064 bool b = false;
3065 if ('a' <= c && c <= 'z')
3066 {
3067 b = true;
3068 }
3069 else if ('A' <= c && c <= 'Z')
3070 {
3071 b = true;
3072 }
3073 else if ('0' <= c && c <= '9')
3074 {
3075 b = true;
3076 }
3077 else if (c == ':' || c == '.' || c == ';' || c == ',')
3078 {
3079 b = true;
3080 }
3081 else if (c == '!' || c == '&' || c == '#' || c == '(' || c == ')')
3082 {
3083 b = true;
3084 }
3085 else if (c == '-' || c == ' ')
3086 {
3087 b = true;
3088 }
3089 else if (c == 13 || c == 10 || c == EOF)
3090 {
3091 b = true;
3092 }
3093 else if (c == '\t' || c == '=' || c == '+' || c == '/')
3094 {
3095 b = true;
3096 }
3097 if (b == false)
3098 {
3099 return false;
3100 }
3101 }
3102 return true;
3103 }
3104
3105 // Check whether the K in the BUF is encrypted
IsEncryptedK(BUF * b,bool private_key)3106 bool IsEncryptedK(BUF *b, bool private_key)
3107 {
3108 K *k;
3109 // Validate arguments
3110 if (b == NULL)
3111 {
3112 return false;
3113 }
3114 if (IsBase64(b) == false)
3115 {
3116 return false;
3117 }
3118
3119 k = BufToK(b, private_key, true, NULL);
3120 if (k != NULL)
3121 {
3122 FreeK(k);
3123 return false;
3124 }
3125
3126 return true;
3127 }
3128
OpensslEngineToK(char * key_file_name,char * engine_name)3129 K *OpensslEngineToK(char *key_file_name, char *engine_name)
3130 {
3131 K *k;
3132 #if OPENSSL_API_COMPAT < 0x10100000L
3133 ENGINE_load_dynamic();
3134 #endif // OPENSSL_API_COMPAT < 0x10100000L
3135 ENGINE *engine = ENGINE_by_id(engine_name);
3136 ENGINE_init(engine);
3137 EVP_PKEY *pkey;
3138 pkey = ENGINE_load_private_key(engine, key_file_name, NULL, NULL);
3139 k = ZeroMalloc(sizeof(K));
3140 k->pkey = pkey;
3141 k->private_key = true;
3142 return k;
3143 }
3144
3145 // Convert the BUF to a K
BufToK(BUF * b,bool private_key,bool text,char * password)3146 K *BufToK(BUF *b, bool private_key, bool text, char *password)
3147 {
3148 BIO *bio;
3149 K *k;
3150 // Validate arguments
3151 if (b == NULL)
3152 {
3153 return NULL;
3154 }
3155
3156 bio = BufToBio(b);
3157 k = BioToK(bio, private_key, text, password);
3158 FreeBio(bio);
3159
3160 return k;
3161 }
3162
3163 // Release of K
FreeK(K * k)3164 void FreeK(K *k)
3165 {
3166 // Validate arguments
3167 if (k == NULL)
3168 {
3169 return;
3170 }
3171
3172 FreePKey(k->pkey);
3173 Free(k);
3174 }
3175
3176 // Release the secret key
FreePKey(EVP_PKEY * pkey)3177 void FreePKey(EVP_PKEY *pkey)
3178 {
3179 // Validate arguments
3180 if (pkey == NULL)
3181 {
3182 return;
3183 }
3184
3185 EVP_PKEY_free(pkey);
3186 }
3187
3188 // Convert the BIO to the K
BioToK(BIO * bio,bool private_key,bool text,char * password)3189 K *BioToK(BIO *bio, bool private_key, bool text, char *password)
3190 {
3191 EVP_PKEY *pkey;
3192 K *k;
3193 // Validate arguments
3194 if (bio == NULL)
3195 {
3196 return NULL;
3197 }
3198
3199 if (password != NULL && StrLen(password) == 0)
3200 {
3201 password = NULL;
3202 }
3203
3204 if (private_key == false)
3205 {
3206 // Public key
3207 if (text == false)
3208 {
3209 // Binary format
3210 pkey = d2i_PUBKEY_bio(bio, NULL);
3211 if (pkey == NULL)
3212 {
3213 return NULL;
3214 }
3215 }
3216 else
3217 {
3218 // Text format
3219 CB_PARAM cb;
3220 cb.password = password;
3221 Lock(openssl_lock);
3222 {
3223 pkey = PEM_read_bio_PUBKEY(bio, NULL, (pem_password_cb *)PKeyPasswordCallbackFunction, &cb);
3224 }
3225 Unlock(openssl_lock);
3226 if (pkey == NULL)
3227 {
3228 return NULL;
3229 }
3230 }
3231 }
3232 else
3233 {
3234 if (text == false)
3235 {
3236 // Binary format
3237 Lock(openssl_lock);
3238 {
3239 pkey = d2i_PrivateKey_bio(bio, NULL);
3240 }
3241 Unlock(openssl_lock);
3242 if (pkey == NULL)
3243 {
3244 return NULL;
3245 }
3246 }
3247 else
3248 {
3249 // Text format
3250 CB_PARAM cb;
3251 cb.password = password;
3252 Lock(openssl_lock);
3253 {
3254 pkey = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb *)PKeyPasswordCallbackFunction, &cb);
3255 }
3256 Unlock(openssl_lock);
3257 if (pkey == NULL)
3258 {
3259 return NULL;
3260 }
3261 }
3262 }
3263
3264 k = ZeroMalloc(sizeof(K));
3265 k->pkey = pkey;
3266 k->private_key = private_key;
3267
3268 return k;
3269 }
3270
3271 // Password callback function
PKeyPasswordCallbackFunction(char * buf,int bufsize,int verify,void * param)3272 int PKeyPasswordCallbackFunction(char *buf, int bufsize, int verify, void *param)
3273 {
3274 CB_PARAM *cb;
3275 // Validate arguments
3276 if (buf == NULL || param == NULL || bufsize == 0)
3277 {
3278 return 0;
3279 }
3280
3281 cb = (CB_PARAM *)param;
3282 if (cb->password == NULL)
3283 {
3284 return 0;
3285 }
3286
3287 return StrCpy(buf, bufsize, cb->password);
3288 }
3289
3290 // Convert the X to a BUF
XToBuf(X * x,bool text)3291 BUF *XToBuf(X *x, bool text)
3292 {
3293 BIO *bio;
3294 BUF *b;
3295 // Validate arguments
3296 if (x == NULL)
3297 {
3298 return NULL;
3299 }
3300
3301 bio = XToBio(x, text);
3302 if (bio == NULL)
3303 {
3304 return NULL;
3305 }
3306
3307 b = BioToBuf(bio);
3308 FreeBio(bio);
3309
3310 SeekBuf(b, 0, 0);
3311
3312 return b;
3313 }
3314
3315 // Convert the X to a BIO
XToBio(X * x,bool text)3316 BIO *XToBio(X *x, bool text)
3317 {
3318 BIO *bio;
3319 // Validate arguments
3320 if (x == NULL)
3321 {
3322 return NULL;
3323 }
3324
3325 bio = NewBio();
3326
3327 Lock(openssl_lock);
3328 {
3329 if (text == false)
3330 {
3331 // Binary format
3332 i2d_X509_bio(bio, x->x509);
3333 }
3334 else
3335 {
3336 // Text format
3337 PEM_write_bio_X509(bio, x->x509);
3338 }
3339 }
3340 Unlock(openssl_lock);
3341
3342 return bio;
3343 }
3344
3345 // Release of the X
FreeX(X * x)3346 void FreeX(X *x)
3347 {
3348 // Validate arguments
3349 if (x == NULL)
3350 {
3351 return;
3352 }
3353
3354 // Release the name
3355 FreeXNames(x);
3356
3357
3358 // Release the Serial
3359 FreeXSerial(x->serial);
3360
3361 if (x->do_not_free == false)
3362 {
3363 FreeX509(x->x509);
3364 }
3365 Free(x);
3366 }
3367
3368 // Release of the X509
FreeX509(X509 * x509)3369 void FreeX509(X509 *x509)
3370 {
3371 // Validate arguments
3372 if (x509 == NULL)
3373 {
3374 return;
3375 }
3376
3377 Lock(openssl_lock);
3378 {
3379 X509_free(x509);
3380 }
3381 Unlock(openssl_lock);
3382 }
3383
3384 // Convert the BUF to a X
BufToX(BUF * b,bool text)3385 X *BufToX(BUF *b, bool text)
3386 {
3387 X *x;
3388 BIO *bio;
3389 // Validate arguments
3390 if (b == NULL)
3391 {
3392 return NULL;
3393 }
3394
3395 bio = BufToBio(b);
3396 if (bio == NULL)
3397 {
3398 FreeBuf(b);
3399 return NULL;
3400 }
3401
3402 x = BioToX(bio, text);
3403
3404 FreeBio(bio);
3405
3406 return x;
3407 }
3408
3409 // Get a digest of the X
GetXDigest(X * x,UCHAR * buf,bool sha1)3410 void GetXDigest(X *x, UCHAR *buf, bool sha1)
3411 {
3412 // Validate arguments
3413 if (x == NULL)
3414 {
3415 return;
3416 }
3417
3418 if (sha1 == false)
3419 {
3420 UINT size = MD5_SIZE;
3421 X509_digest(x->x509, EVP_md5(), buf, (unsigned int *)&size);
3422 }
3423 else
3424 {
3425 UINT size = SHA1_SIZE;
3426 X509_digest(x->x509, EVP_sha1(), buf, (unsigned int *)&size);
3427 }
3428 }
3429
3430 // Convert BIO to X
BioToX(BIO * bio,bool text)3431 X *BioToX(BIO *bio, bool text)
3432 {
3433 X *x;
3434 X509 *x509;
3435 // Validate arguments
3436 if (bio == NULL)
3437 {
3438 return NULL;
3439 }
3440
3441 Lock(openssl_lock);
3442 {
3443 // Reading x509
3444 if (text == false)
3445 {
3446 // Binary mode
3447 x509 = d2i_X509_bio(bio, NULL);
3448 }
3449 else
3450 {
3451 // Text mode
3452 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
3453 }
3454 }
3455 Unlock(openssl_lock);
3456
3457 if (x509 == NULL)
3458 {
3459 return NULL;
3460 }
3461
3462 x = X509ToX(x509);
3463
3464 if (x == NULL)
3465 {
3466 return NULL;
3467 }
3468
3469 return x;
3470 }
3471
3472 // Convert the X509 to X
X509ToX(X509 * x509)3473 X *X509ToX(X509 *x509)
3474 {
3475 X *x;
3476 K *k;
3477 BUF *b;
3478 UINT size;
3479 UINT type;
3480 ASN1_INTEGER *s;
3481 // Validate arguments
3482 if (x509 == NULL)
3483 {
3484 return NULL;
3485 }
3486
3487 x = ZeroMalloc(sizeof(X));
3488 x->x509 = x509;
3489
3490 // Name
3491 LoadXNames(x);
3492
3493 // Expiration date
3494 LoadXDates(x);
3495
3496 // Check whether it is a root certificate
3497 if (CompareName(x->issuer_name, x->subject_name))
3498 {
3499 K *pubkey = GetKFromX(x);
3500 if (pubkey != NULL)
3501 {
3502 if (CheckXandK(x, pubkey))
3503 {
3504 x->root_cert = true;
3505 }
3506 FreeK(pubkey);
3507 }
3508 }
3509
3510 // Check whether there is basic constraints
3511 if (X509_get_ext_by_NID(x509, NID_basic_constraints, -1) != -1)
3512 {
3513 x->has_basic_constraints = true;
3514 }
3515
3516 // Get the "Certification Authority Issuer" (1.3.6.1.5.5.7.48.2) field value
3517 if (x->root_cert == false)
3518 {
3519 AUTHORITY_INFO_ACCESS *ads = (AUTHORITY_INFO_ACCESS *)X509_get_ext_d2i(x509, NID_info_access, NULL, NULL);
3520
3521 if (ads != NULL)
3522 {
3523 int i;
3524
3525 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++)
3526 {
3527 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(ads, i);
3528 if (ad != NULL)
3529 {
3530 if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI)
3531 {
3532 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
3533 char *uri = (char *)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier);
3534 #else
3535 char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
3536 #endif
3537 if (IsEmptyStr(uri) == false)
3538 {
3539 StrCpy(x->issuer_url, sizeof(x->issuer_url), uri);
3540 break;
3541 }
3542 }
3543 }
3544 }
3545
3546 AUTHORITY_INFO_ACCESS_free(ads);
3547 }
3548 }
3549
3550 // Get the Serial Number
3551 s = X509_get_serialNumber(x509);
3552 x->serial = NewXSerial(s->data, s->length);
3553 if (x->serial == NULL)
3554 {
3555 char zero = 0;
3556 x->serial = NewXSerial(&zero, sizeof(char));
3557 }
3558
3559 k = GetKFromX(x);
3560 if (k == NULL)
3561 {
3562 FreeX(x);
3563 return NULL;
3564 }
3565
3566 b = KToBuf(k, false, NULL);
3567
3568 size = b->Size;
3569 type = EVP_PKEY_base_id(k->pkey);
3570
3571 FreeBuf(b);
3572
3573 //Fixed to get actual RSA key bits
3574 x->bits = EVP_PKEY_bits(k->pkey);
3575
3576 FreeK(k);
3577
3578 if (type == EVP_PKEY_RSA)
3579 {
3580 x->is_compatible_bit = true;
3581
3582 if(x->bits != 1024 && x->bits != 1536 && x->bits != 2048 && x->bits != 3072 && x->bits != 4096)
3583 {
3584 x->is_compatible_bit = false;
3585 }
3586 else
3587 {
3588 x->is_compatible_bit = true;
3589 }
3590
3591 /*switch (size)
3592 {
3593 case 162:
3594 x->bits = 1024;
3595 break;
3596
3597 case 226:
3598 x->bits = 1536;
3599 break;
3600
3601 case 294:
3602 x->bits = 2048;
3603 break;
3604
3605 case 442:
3606 x->bits = 3072;
3607 break;
3608
3609 case 550:
3610 x->bits = 4096;
3611 break;
3612
3613 default:
3614 x->is_compatible_bit = false;
3615 break;
3616 }*/
3617 }
3618
3619 return x;
3620 }
3621
3622 // Create a BIO
NewBio()3623 BIO *NewBio()
3624 {
3625 return BIO_new(BIO_s_mem());
3626 }
3627
3628 // Release the BIO
FreeBio(BIO * bio)3629 void FreeBio(BIO *bio)
3630 {
3631 // Validate arguments
3632 if (bio == NULL)
3633 {
3634 return;
3635 }
3636
3637 BIO_free(bio);
3638 }
3639
3640 // Convert the BIO to the BUF
BioToBuf(BIO * bio)3641 BUF *BioToBuf(BIO *bio)
3642 {
3643 BUF *b;
3644 UINT size;
3645 void *tmp;
3646 // Validate arguments
3647 if (bio == NULL)
3648 {
3649 return NULL;
3650 }
3651
3652 BIO_seek(bio, 0);
3653 size = (UINT)BIO_number_written(bio);
3654 tmp = Malloc(size);
3655 BIO_read(bio, tmp, size);
3656
3657 b = NewBuf();
3658 WriteBuf(b, tmp, size);
3659 Free(tmp);
3660
3661 return b;
3662 }
3663
3664 // Convert the BUF to a BIO
BufToBio(BUF * b)3665 BIO *BufToBio(BUF *b)
3666 {
3667 BIO *bio;
3668 // Validate arguments
3669 if (b == NULL)
3670 {
3671 return NULL;
3672 }
3673
3674 Lock(openssl_lock);
3675 {
3676 bio = BIO_new(BIO_s_mem());
3677 if (bio == NULL)
3678 {
3679 Unlock(openssl_lock);
3680 return NULL;
3681 }
3682 BIO_write(bio, b->Buf, b->Size);
3683 BIO_seek(bio, 0);
3684 }
3685 Unlock(openssl_lock);
3686
3687 return bio;
3688 }
3689
3690 // 64-bit random number generation
Rand64()3691 UINT64 Rand64()
3692 {
3693 UINT64 i;
3694 Rand(&i, sizeof(i));
3695 return i;
3696 }
3697
3698 // 32-bit random number generation
Rand32()3699 UINT Rand32()
3700 {
3701 UINT i;
3702 Rand(&i, sizeof(i));
3703 return i;
3704 }
3705
3706 // 16-bit random number generation
Rand16()3707 USHORT Rand16()
3708 {
3709 USHORT i;
3710 Rand(&i, sizeof(i));
3711 return i;
3712 }
3713
3714 // 8-bit random number generation
Rand8()3715 UCHAR Rand8()
3716 {
3717 UCHAR i;
3718 Rand(&i, sizeof(i));
3719 return i;
3720 }
3721
3722 // 1-bit random number generation
Rand1()3723 bool Rand1()
3724 {
3725 return (Rand32() % 2) == 0 ? false : true;
3726 }
3727
3728 // Random number generation
Rand(void * buf,UINT size)3729 void Rand(void *buf, UINT size)
3730 {
3731 // Validate arguments
3732 if (buf == NULL || size == 0)
3733 {
3734 return;
3735 }
3736 RAND_bytes(buf, size);
3737 }
3738
3739 // Delete a thread-specific information that OpenSSL has holded
FreeOpenSSLThreadState()3740 void FreeOpenSSLThreadState()
3741 {
3742 #if OPENSSL_VERSION_NUMBER < 0x10100000L
3743 CRYPTO_cleanup_all_ex_data();
3744 ERR_remove_thread_state(NULL);
3745 #else
3746 #ifndef LIBRESSL_VERSION_NUMBER
3747 OPENSSL_thread_stop();
3748 #endif
3749 #endif
3750 }
3751
3752 #if OPENSSL_VERSION_NUMBER < 0x10100000L
3753 #define SSL_COMP_free_compression_methods() (sk_free(SSL_COMP_get_compression_methods()))
3754 #endif
3755
3756 // Release the Crypt library
FreeCryptLibrary()3757 void FreeCryptLibrary()
3758 {
3759 openssl_inited = false;
3760
3761 DeleteLock(openssl_lock);
3762 openssl_lock = NULL;
3763 // RAND_Free_For_SoftEther();
3764 OpenSSL_FreeLock();
3765 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
3766 #ifdef OPENSSL_FIPS
3767 FIPS_mode_set(0);
3768 #endif
3769 #ifndef OPENSSL_NO_ENGINE
3770 ENGINE_cleanup();
3771 #endif
3772 CONF_modules_unload(1);
3773 EVP_cleanup();
3774
3775 FreeOpenSSLThreadState();
3776
3777 ERR_free_strings();
3778
3779 #ifndef OPENSSL_NO_COMP
3780 SSL_COMP_free_compression_methods();
3781 #endif
3782 #endif
3783 }
3784
3785 // Initialize the Crypt library
InitCryptLibrary()3786 void InitCryptLibrary()
3787 {
3788 char tmp[16];
3789
3790 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
3791 // RAND_Init_For_SoftEther()
3792 openssl_lock = NewLock();
3793 SSL_library_init();
3794 //OpenSSL_add_all_algorithms();
3795 OpenSSL_add_all_ciphers();
3796 OpenSSL_add_all_digests();
3797 ERR_load_crypto_strings();
3798 SSL_load_error_strings();
3799 #endif
3800
3801 ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
3802
3803 #ifdef OS_UNIX
3804 {
3805 char *name1 = "/dev/random";
3806 char *name2 = "/dev/urandom";
3807 IO *o;
3808 o = FileOpen(name1, false);
3809 if (o == NULL)
3810 {
3811 o = FileOpen(name2, false);
3812 if (o == NULL)
3813 {
3814 UINT64 now = SystemTime64();
3815 BUF *b;
3816 UINT i;
3817 b = NewBuf();
3818 for (i = 0;i < 4096;i++)
3819 {
3820 UCHAR c = rand() % 256;
3821 WriteBuf(b, &c, 1);
3822 }
3823 WriteBuf(b, &now, sizeof(now));
3824 RAND_seed(b->Buf, b->Size);
3825 FreeBuf(b);
3826 }
3827 else
3828 {
3829 FileClose(o);
3830 }
3831 }
3832 else
3833 {
3834 FileClose(o);
3835 }
3836 }
3837 #endif // OS_UNIX
3838
3839 RAND_poll();
3840
3841 #ifdef OS_WIN32
3842 // RAND_screen();
3843 #endif
3844 Rand(tmp, sizeof(tmp));
3845 OpenSSL_InitLock();
3846
3847 openssl_inited = true;
3848 }
3849
3850 // Hash with the SHA-1 and convert it to UINT
HashToUINT(void * data,UINT size)3851 UINT HashToUINT(void *data, UINT size)
3852 {
3853 UCHAR hash[SHA1_SIZE];
3854 UINT u;
3855 // Validate arguments
3856 if (data == NULL && size != 0)
3857 {
3858 return 0;
3859 }
3860
3861 Sha1(hash, data, size);
3862
3863 Copy(&u, hash, sizeof(UINT));
3864
3865 u = Endian32(u);
3866
3867 return u;
3868 }
3869
3870 // Creating a new CRYPT object
NewCrypt(void * key,UINT size)3871 CRYPT *NewCrypt(void *key, UINT size)
3872 {
3873 CRYPT *c = ZeroMalloc(sizeof(CRYPT));
3874
3875 c->Rc4Key = Malloc(sizeof(RC4_KEY));
3876
3877 RC4_set_key(c->Rc4Key, size, (UCHAR *)key);
3878
3879 return c;
3880 }
3881
3882 // Release the CRYPT object
FreeCrypt(CRYPT * c)3883 void FreeCrypt(CRYPT *c)
3884 {
3885 // Validate arguments
3886 if (c == NULL)
3887 {
3888 return;
3889 }
3890
3891 // Memory release
3892 Free(c->Rc4Key);
3893 Free(c);
3894 }
3895
3896 // Encryption and decryption
Encrypt(CRYPT * c,void * dst,void * src,UINT size)3897 void Encrypt(CRYPT *c, void *dst, void *src, UINT size)
3898 {
3899 RC4(c->Rc4Key, size, src, dst);
3900 }
3901
3902 // 3DES encryption
Des3Encrypt2(void * dest,void * src,UINT size,DES_KEY_VALUE * k1,DES_KEY_VALUE * k2,DES_KEY_VALUE * k3,void * ivec)3903 void Des3Encrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec)
3904 {
3905 UCHAR ivec_copy[DES_IV_SIZE];
3906 // Validate arguments
3907 if (dest == NULL || src == NULL || size == 0 || k1 == NULL || k2 == NULL || k3 == NULL || ivec == NULL)
3908 {
3909 return;
3910 }
3911
3912 Copy(ivec_copy, ivec, DES_IV_SIZE);
3913
3914 DES_ede3_cbc_encrypt(src, dest, size,
3915 k1->KeySchedule,
3916 k2->KeySchedule,
3917 k3->KeySchedule,
3918 (DES_cblock *)ivec_copy,
3919 1);
3920 }
3921
3922 // DES encryption
DesEncrypt(void * dest,void * src,UINT size,DES_KEY_VALUE * k,void * ivec)3923 void DesEncrypt(void *dest, void *src, UINT size, DES_KEY_VALUE *k, void *ivec)
3924 {
3925 UCHAR ivec_copy[DES_IV_SIZE];
3926 // Validate arguments
3927 if (dest == NULL || src == NULL || size == 0 || k == NULL || ivec == NULL)
3928 {
3929 return;
3930 }
3931
3932 Copy(ivec_copy, ivec, DES_IV_SIZE);
3933
3934 DES_cbc_encrypt(src, dest, size,
3935 k->KeySchedule,
3936 (DES_cblock *)ivec_copy,
3937 1);
3938 }
3939
3940 // 3DES decryption
Des3Decrypt2(void * dest,void * src,UINT size,DES_KEY_VALUE * k1,DES_KEY_VALUE * k2,DES_KEY_VALUE * k3,void * ivec)3941 void Des3Decrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec)
3942 {
3943 UCHAR ivec_copy[DES_IV_SIZE];
3944 // Validate arguments
3945 if (dest == NULL || src == NULL || size == 0 || k1 == NULL || k2 == NULL || k3 == NULL || ivec == NULL)
3946 {
3947 return;
3948 }
3949
3950 Copy(ivec_copy, ivec, DES_IV_SIZE);
3951
3952 DES_ede3_cbc_encrypt(src, dest, size,
3953 k1->KeySchedule,
3954 k2->KeySchedule,
3955 k3->KeySchedule,
3956 (DES_cblock *)ivec_copy,
3957 0);
3958 }
3959
3960 // DES-ECB encryption
DesEcbEncrypt(void * dst,void * src,void * key_7bytes)3961 void DesEcbEncrypt(void *dst, void *src, void *key_7bytes)
3962 {
3963 UCHAR *key_56;
3964 DES_cblock key;
3965 DES_key_schedule ks;
3966 // Validate arguments
3967 if (dst == NULL || src == NULL || key_7bytes == NULL)
3968 {
3969 return;
3970 }
3971
3972 key_56 = (UCHAR *)key_7bytes;
3973
3974 Zero(&key, sizeof(key));
3975 Zero(&ks, sizeof(ks));
3976
3977 key[0] = key_56[0];
3978 key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
3979 key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
3980 key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
3981 key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
3982 key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
3983 key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
3984 key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
3985
3986 DES_set_odd_parity(&key);
3987 DES_set_key_unchecked(&key, &ks);
3988
3989 DES_ecb_encrypt(src, dst, &ks, 1);
3990 }
3991
3992 // DES decryption
DesDecrypt(void * dest,void * src,UINT size,DES_KEY_VALUE * k,void * ivec)3993 void DesDecrypt(void *dest, void *src, UINT size, DES_KEY_VALUE *k, void *ivec)
3994 {
3995 UCHAR ivec_copy[DES_IV_SIZE];
3996 // Validate arguments
3997 if (dest == NULL || src == NULL || size == 0 || k == NULL || ivec == NULL)
3998 {
3999 return;
4000 }
4001
4002 Copy(ivec_copy, ivec, DES_IV_SIZE);
4003
4004 DES_cbc_encrypt(src, dest, size,
4005 k->KeySchedule,
4006 (DES_cblock *)ivec_copy,
4007 0);
4008 }
4009
4010 // Create a new DES key element
DesNewKeyValue(void * value)4011 DES_KEY_VALUE *DesNewKeyValue(void *value)
4012 {
4013 DES_KEY_VALUE *v;
4014 // Validate arguments
4015 if (value == NULL)
4016 {
4017 return NULL;
4018 }
4019
4020 v = ZeroMalloc(sizeof(DES_KEY_VALUE));
4021
4022 Copy(v->KeyValue, value, DES_KEY_SIZE);
4023
4024 v->KeySchedule = ZeroMalloc(sizeof(DES_key_schedule));
4025
4026 DES_set_key_unchecked(value, v->KeySchedule);
4027
4028 return v;
4029 }
4030
4031 // Release of DES key element
DesFreeKeyValue(DES_KEY_VALUE * v)4032 void DesFreeKeyValue(DES_KEY_VALUE *v)
4033 {
4034 // Validate arguments
4035 if (v == NULL)
4036 {
4037 return;
4038 }
4039
4040 Free(v->KeySchedule);
4041 Free(v);
4042 }
4043
4044 // Create a new AES key
AesNewKey(void * data,UINT size)4045 AES_KEY_VALUE *AesNewKey(void *data, UINT size)
4046 {
4047 AES_KEY_VALUE *k;
4048 // Validate arguments
4049 if (data == NULL || (!(size == 16 || size == 24 || size == 32)))
4050 {
4051 return NULL;
4052 }
4053
4054 k = ZeroMalloc(sizeof(AES_KEY_VALUE));
4055
4056 k->EncryptKey = ZeroMalloc(sizeof(AES_KEY));
4057 k->DecryptKey = ZeroMalloc(sizeof(AES_KEY));
4058
4059 k->KeySize = size;
4060 Copy(k->KeyValue, data, size);
4061
4062 AES_set_encrypt_key(data, size * 8, k->EncryptKey);
4063 AES_set_decrypt_key(data, size * 8, k->DecryptKey);
4064
4065 return k;
4066 }
4067
4068 // Release the AES key
AesFreeKey(AES_KEY_VALUE * k)4069 void AesFreeKey(AES_KEY_VALUE *k)
4070 {
4071 // Validate arguments
4072 if (k == NULL)
4073 {
4074 return;
4075 }
4076
4077 Free(k->EncryptKey);
4078 Free(k->DecryptKey);
4079
4080 Free(k);
4081 }
4082
4083 // AES encryption
AesEncrypt(void * dest,void * src,UINT size,AES_KEY_VALUE * k,void * ivec)4084 void AesEncrypt(void *dest, void *src, UINT size, AES_KEY_VALUE *k, void *ivec)
4085 {
4086 EVP_CIPHER_CTX *ctx = NULL;
4087 int dest_len = 0;
4088 int len = 0;
4089 int ret = 0;
4090
4091 // Validate arguments
4092 if (dest == NULL || src == NULL || size == 0 || k == NULL || ivec == NULL)
4093 {
4094 return;
4095 }
4096
4097 // Create and initialize the context
4098 ctx = EVP_CIPHER_CTX_new();
4099
4100 if (!ctx)
4101 {
4102 ERR_print_errors_fp(stderr);
4103 return;
4104 }
4105
4106 // Disable padding, as it's handled by IkeEncryptWithPadding()
4107 EVP_CIPHER_CTX_set_padding(ctx, false);
4108
4109 // Initialize the encryption operation
4110 switch (k->KeySize)
4111 {
4112 case 16:
4113 ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k->KeyValue, ivec);
4114 break;
4115
4116 case 24:
4117 ret = EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, k->KeyValue, ivec);
4118 break;
4119
4120 case 32:
4121 ret = EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, k->KeyValue, ivec);
4122 break;
4123 }
4124
4125 if (ret != 1)
4126 {
4127 ERR_print_errors_fp(stderr);
4128 EVP_CIPHER_CTX_free(ctx);
4129 return;
4130 }
4131
4132 // Provide the message to be encrypted and obtain the cipher output
4133 ret = EVP_EncryptUpdate(ctx, dest, &dest_len, src, size);
4134
4135 if (ret != 1)
4136 {
4137 ERR_print_errors_fp(stderr);
4138 EVP_CIPHER_CTX_free(ctx);
4139 return;
4140 }
4141
4142 // Finalize the encryption
4143 ret = EVP_EncryptFinal_ex(ctx, (unsigned char *) dest + dest_len, &len);
4144
4145 if (ret != 1)
4146 {
4147 ERR_print_errors_fp(stderr);
4148 EVP_CIPHER_CTX_free(ctx);
4149 return;
4150 }
4151
4152 dest_len += len;
4153
4154 // Clean up
4155 EVP_CIPHER_CTX_free(ctx);
4156 }
4157
4158 // AES decryption
AesDecrypt(void * dest,void * src,UINT size,AES_KEY_VALUE * k,void * ivec)4159 void AesDecrypt(void *dest, void *src, UINT size, AES_KEY_VALUE *k, void *ivec)
4160 {
4161 EVP_CIPHER_CTX *ctx = NULL;
4162 int dest_len = 0;
4163 int len = 0;
4164 int ret = 0;
4165
4166 // Validate arguments
4167 if (dest == NULL || src == NULL || size == 0 || k == NULL || ivec == NULL)
4168 {
4169 return;
4170 }
4171
4172 // Create and initialize the context
4173 ctx = EVP_CIPHER_CTX_new();
4174
4175 if (!ctx)
4176 {
4177 ERR_print_errors_fp(stderr);
4178 return;
4179 }
4180
4181 // Disable padding, as it's handled by IkeEncryptWithPadding()
4182 EVP_CIPHER_CTX_set_padding(ctx, false);
4183
4184 // Initialize the decryption operation
4185 switch (k->KeySize)
4186 {
4187 case 16:
4188 ret = EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k->KeyValue, ivec);
4189 break;
4190
4191 case 24:
4192 ret = EVP_DecryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, k->KeyValue, ivec);
4193 break;
4194
4195 case 32:
4196 ret = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, k->KeyValue, ivec);
4197 break;
4198 }
4199
4200 if (ret != 1)
4201 {
4202 ERR_print_errors_fp(stderr);
4203 EVP_CIPHER_CTX_free(ctx);
4204 return;
4205 }
4206
4207 // Provide the message to be decrypted and obtain the plaintext output
4208 ret = EVP_DecryptUpdate(ctx, dest, &dest_len, src, size);
4209
4210 if (ret != 1)
4211 {
4212 ERR_print_errors_fp(stderr);
4213 EVP_CIPHER_CTX_free(ctx);
4214 return;
4215 }
4216
4217 // Finalize the decryption
4218 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) dest + dest_len, &len);
4219
4220 if (ret != 1)
4221 {
4222 ERR_print_errors_fp(stderr);
4223 EVP_CIPHER_CTX_free(ctx);
4224 return;
4225 }
4226
4227 dest_len += len;
4228
4229 // Clean up
4230 EVP_CIPHER_CTX_free(ctx);
4231 }
4232
4233 // Determine whether the AES-NI instruction set is supported by the CPU
IsAesNiSupported()4234 bool IsAesNiSupported()
4235 {
4236 bool supported = false;
4237
4238 // Unfortunately OpenSSL doesn't provide a function to do it
4239 #ifdef _MSC_VER
4240 int regs[4]; // EAX, EBX, ECX, EDX
4241 __cpuid(regs, 1);
4242 supported = (regs[2] >> 25) & 1;
4243 #else // _MSC_VER
4244 #if defined(CPU_FEATURES_ARCH_X86)
4245 const X86Features features = GetX86Info().features;
4246 supported = features.aes;
4247 #elif defined(CPU_FEATURES_ARCH_ARM)
4248 const ArmFeatures features = GetArmInfo().features;
4249 supported = features.aes;
4250 #elif defined(CPU_FEATURES_ARCH_AARCH64)
4251 const Aarch64Features features = GetAarch64Info().features;
4252 supported = features.aes;
4253 #elif defined(CPU_FEATURES_ARCH_MIPS)
4254 //const MipsFeatures features = GetMipsInfo().features; // no features.aes
4255 #elif defined(CPU_FEATURES_ARCH_PPC)
4256 //const PPCFeatures features = GetPPCInfo().features; // no features.aes
4257 #endif
4258 #endif // _MSC_VER
4259
4260 return supported;
4261 }
4262
4263 // DH calculation
DhCompute(DH_CTX * dh,void * dst_priv_key,void * src_pub_key,UINT key_size)4264 bool DhCompute(DH_CTX *dh, void *dst_priv_key, void *src_pub_key, UINT key_size)
4265 {
4266 int i;
4267 BIGNUM *bn;
4268 bool ret = false;
4269 // Validate arguments
4270 if (dh == NULL || dst_priv_key == NULL || src_pub_key == NULL)
4271 {
4272 return false;
4273 }
4274 if (key_size > dh->Size)
4275 {
4276 return false;
4277 }
4278
4279 bn = BinToBigNum(src_pub_key, key_size);
4280
4281 i = DH_compute_key(dst_priv_key, bn, dh->dh);
4282
4283 if (i == dh->Size)
4284 {
4285 ret = true;
4286 }
4287 else if ((UINT)i < dh->Size)
4288 {
4289 UCHAR *dst2 = Clone(dst_priv_key, i);
4290
4291 Zero(dst_priv_key, dh->Size);
4292
4293 Copy(((UCHAR *)dst_priv_key) + (dh->Size - i), dst2, i);
4294
4295 ret = true;
4296 }
4297
4298 BN_free(bn);
4299
4300 return ret;
4301 }
4302
4303 // Creating a DH 2048bit
DhNew2048()4304 DH_CTX *DhNew2048()
4305 {
4306 return DhNew(DH_SET_2048, 2);
4307 }
4308 // Creating a DH 3072bit
DhNew3072()4309 DH_CTX *DhNew3072()
4310 {
4311 return DhNew(DH_SET_3072, 2);
4312 }
4313 // Creating a DH 4096bit
DhNew4096()4314 DH_CTX *DhNew4096()
4315 {
4316 return DhNew(DH_SET_4096, 2);
4317 }
4318
4319 // Creating a DH GROUP1
DhNewGroup1()4320 DH_CTX *DhNewGroup1()
4321 {
4322 return DhNew(DH_GROUP1_PRIME_768, 2);
4323 }
4324
4325 // Creating a DH GROUP2
DhNewGroup2()4326 DH_CTX *DhNewGroup2()
4327 {
4328 return DhNew(DH_GROUP2_PRIME_1024, 2);
4329 }
4330
4331 // Creating a DH GROUP5
DhNewGroup5()4332 DH_CTX *DhNewGroup5()
4333 {
4334 return DhNew(DH_GROUP5_PRIME_1536, 2);
4335 }
4336
4337
4338 // Creating a DH SIMPLE 160bits
DhNewSimple160()4339 DH_CTX *DhNewSimple160()
4340 {
4341 return DhNew(DH_SIMPLE_160, 2);
4342 }
4343
DhNewFromBits(UINT bits)4344 DH_CTX *DhNewFromBits(UINT bits)
4345 {
4346 switch (bits)
4347 {
4348 case 160:
4349 return DhNewSimple160();
4350 case 768:
4351 return DhNewGroup1();
4352 case 1024:
4353 return DhNewGroup2();
4354 case 1536:
4355 return DhNewGroup5();
4356 case 2048:
4357 return DhNew2048();
4358 case 3072:
4359 return DhNew3072();
4360 case 4096:
4361 return DhNew4096();
4362 default:
4363 return DhNew2048();
4364 }
4365 }
4366
4367 // Creating a new DH
DhNew(char * prime,UINT g)4368 DH_CTX *DhNew(char *prime, UINT g)
4369 {
4370 DH_CTX *dh;
4371 BUF *buf;
4372 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
4373 BIGNUM *dhp, *dhg;
4374 const BIGNUM *pub, *priv;
4375 #endif
4376 // Validate arguments
4377 if (prime == NULL || g == 0)
4378 {
4379 return NULL;
4380 }
4381
4382 buf = StrToBin(prime);
4383
4384 dh = ZeroMalloc(sizeof(DH_CTX));
4385
4386 dh->dh = DH_new();
4387 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
4388 dhp = BinToBigNum(buf->Buf, buf->Size);
4389 dhg = BN_new();
4390 BN_set_word(dhg, g);
4391 DH_set0_pqg(dh->dh, dhp, NULL, dhg);
4392 #else
4393 dh->dh->p = BinToBigNum(buf->Buf, buf->Size);
4394 dh->dh->g = BN_new();
4395 BN_set_word(dh->dh->g, g);
4396 #endif
4397
4398 DH_generate_key(dh->dh);
4399
4400 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
4401 DH_get0_key(dh->dh, &pub, &priv);
4402 dh->MyPublicKey = BigNumToBuf(pub);
4403 dh->MyPrivateKey = BigNumToBuf(priv);
4404 #else
4405 dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key);
4406 dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key);
4407 #endif
4408
4409 dh->Size = buf->Size;
4410
4411 FreeBuf(buf);
4412
4413 return dh;
4414 }
4415
4416 // Release of DH
DhFree(DH_CTX * dh)4417 void DhFree(DH_CTX *dh)
4418 {
4419 // Validate arguments
4420 if (dh == NULL)
4421 {
4422 return;
4423 }
4424
4425 DH_free(dh->dh);
4426
4427 FreeBuf(dh->MyPrivateKey);
4428 FreeBuf(dh->MyPublicKey);
4429
4430 Free(dh);
4431 }
4432
GetSslClientCertIndex()4433 int GetSslClientCertIndex()
4434 {
4435 return ssl_clientcert_index;
4436 }
4437
4438 // Internal functions
Internal_HMac(const EVP_MD * md,void * dest,void * key,UINT key_size,const void * src,const UINT src_size)4439 static UINT Internal_HMac(const EVP_MD *md, void *dest, void *key, UINT key_size, const void *src, const UINT src_size)
4440 {
4441 MD *m;
4442 UINT len = 0;
4443
4444 // Validate arguments
4445 if (md == NULL || dest == NULL || key == NULL || key_size == 0 || (src == NULL && src_size != 0))
4446 {
4447 return 0;
4448 }
4449
4450 m = ZeroMalloc(sizeof(MD));
4451 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
4452 m->Ctx = HMAC_CTX_new();
4453 #else
4454 m->Ctx = ZeroMalloc(sizeof(HMAC_CTX));
4455 HMAC_CTX_init(m->Ctx);
4456 #endif
4457 m->Md = md;
4458 m->IsHMac = true;
4459
4460 if (SetMdKey(m, key, key_size) == false)
4461 {
4462 Debug("Internal_HMac(): SetMdKey() failed!\n");
4463 goto final;
4464 }
4465
4466 len = MdProcess(m, dest, (void *)src, src_size);
4467 if (len == 0)
4468 {
4469 Debug("Internal_HMac(): MdProcess() returned 0!\n");
4470 }
4471
4472 final:
4473 FreeMd(m);
4474 return len;
4475 }
4476
4477 /////////////////////////
4478 // SHA0 implementation //
4479 /////////////////////////
4480
4481 // Source codes from:
4482 // https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c/libmincrypt/sha.c
4483 // https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c/include/mincrypt/hash-internal.h
4484 // https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c/include/mincrypt/sha.h
4485
4486 /*
4487 * Copyright 2013 The Android Open Source Project
4488 *
4489 * Redistribution and use in source and binary forms, with or without
4490 * modification, are permitted provided that the following conditions are met:
4491 * * Redistributions of source code must retain the above copyright
4492 * notice, this list of conditions and the following disclaimer.
4493 * * Redistributions in binary form must reproduce the above copyright
4494 * notice, this list of conditions and the following disclaimer in the
4495 * documentation and/or other materials provided with the distribution.
4496 * * Neither the name of Google Inc. nor the names of its contributors may
4497 * be used to endorse or promote products derived from this software
4498 * without specific prior written permission.
4499 *
4500 * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
4501 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
4502 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
4503 * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4504 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
4505 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
4506 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
4507 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
4508 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
4509 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
4510 */
4511
4512
4513 #define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
4514
4515 typedef struct MY_SHA0_CTX {
4516 // const HASH_VTAB * f;
4517 UINT64 count;
4518 UCHAR buf[64];
4519 UINT state[8]; // upto SHA2
4520 } MY_SHA0_CTX;
4521
4522 #define MY_SHA0_DIGEST_SIZE 20
4523
MY_SHA0_Transform(MY_SHA0_CTX * ctx)4524 static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
4525 UINT W[80];
4526 UINT A, B, C, D, E;
4527 UCHAR* p = ctx->buf;
4528 int t;
4529 for(t = 0; t < 16; ++t) {
4530 UINT tmp = *p++ << 24;
4531 tmp |= *p++ << 16;
4532 tmp |= *p++ << 8;
4533 tmp |= *p++;
4534 W[t] = tmp;
4535 }
4536 for(; t < 80; t++) {
4537 //W[t] = rol(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
4538 W[t] = (1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
4539 }
4540 A = ctx->state[0];
4541 B = ctx->state[1];
4542 C = ctx->state[2];
4543 D = ctx->state[3];
4544 E = ctx->state[4];
4545 for(t = 0; t < 80; t++) {
4546 UINT tmp = rol(5,A) + E + W[t];
4547 if (t < 20)
4548 tmp += (D^(B&(C^D))) + 0x5A827999;
4549 else if ( t < 40)
4550 tmp += (B^C^D) + 0x6ED9EBA1;
4551 else if ( t < 60)
4552 tmp += ((B&C)|(D&(B|C))) + 0x8F1BBCDC;
4553 else
4554 tmp += (B^C^D) + 0xCA62C1D6;
4555 E = D;
4556 D = C;
4557 C = rol(30,B);
4558 B = A;
4559 A = tmp;
4560 }
4561 ctx->state[0] += A;
4562 ctx->state[1] += B;
4563 ctx->state[2] += C;
4564 ctx->state[3] += D;
4565 ctx->state[4] += E;
4566 }
MY_SHA0_init(MY_SHA0_CTX * ctx)4567 void MY_SHA0_init(MY_SHA0_CTX* ctx) {
4568 //ctx->f = &SHA_VTAB;
4569 ctx->state[0] = 0x67452301;
4570 ctx->state[1] = 0xEFCDAB89;
4571 ctx->state[2] = 0x98BADCFE;
4572 ctx->state[3] = 0x10325476;
4573 ctx->state[4] = 0xC3D2E1F0;
4574 ctx->count = 0;
4575 }
MY_SHA0_update(MY_SHA0_CTX * ctx,const void * data,int len)4576 void MY_SHA0_update(MY_SHA0_CTX* ctx, const void* data, int len) {
4577 int i = (int) (ctx->count & 63);
4578 const UCHAR* p = (const UCHAR*)data;
4579 ctx->count += len;
4580 while (len--) {
4581 ctx->buf[i++] = *p++;
4582 if (i == 64) {
4583 MY_SHA0_Transform(ctx);
4584 i = 0;
4585 }
4586 }
4587 }
MY_SHA0_final(MY_SHA0_CTX * ctx)4588 const UCHAR* MY_SHA0_final(MY_SHA0_CTX* ctx) {
4589 UCHAR *p = ctx->buf;
4590 UINT64 cnt = ctx->count * 8;
4591 int i;
4592 MY_SHA0_update(ctx, (UCHAR*)"\x80", 1);
4593 while ((ctx->count & 63) != 56) {
4594 MY_SHA0_update(ctx, (UCHAR*)"\0", 1);
4595 }
4596 for (i = 0; i < 8; ++i) {
4597 UCHAR tmp = (UCHAR) (cnt >> ((7 - i) * 8));
4598 MY_SHA0_update(ctx, &tmp, 1);
4599 }
4600 for (i = 0; i < 5; i++) {
4601 UINT tmp = ctx->state[i];
4602 *p++ = tmp >> 24;
4603 *p++ = tmp >> 16;
4604 *p++ = tmp >> 8;
4605 *p++ = tmp >> 0;
4606 }
4607 return ctx->buf;
4608 }
4609 /* Convenience function */
MY_SHA0_hash(const void * data,int len,UCHAR * digest)4610 const UCHAR* MY_SHA0_hash(const void* data, int len, UCHAR* digest) {
4611 MY_SHA0_CTX ctx;
4612 MY_SHA0_init(&ctx);
4613 MY_SHA0_update(&ctx, data, len);
4614 memcpy(digest, MY_SHA0_final(&ctx), MY_SHA0_DIGEST_SIZE);
4615 return digest;
4616 }
Internal_Sha0(unsigned char * dest,const unsigned char * src,const UINT size)4617 static void Internal_Sha0(unsigned char *dest, const unsigned char *src, const UINT size)
4618 {
4619 MY_SHA0_hash(src, (int)size, dest);
4620 }
4621