src/libstrongswan/plugins/openssl/openssl_crypter.c

   1 /*
   2  * Copyright (C) 2008 Tobias Brunner
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "openssl_crypter.h"
  17
  18 #include <openssl/evp.h>
  19
  20 typedef struct private_openssl_crypter_t private_openssl_crypter_t;
  21
  22 /**
  23  * Private data of openssl_crypter_t
  24  */
  25 struct private_openssl_crypter_t {
  26
  27         /**
  28          * Public part of this class.
  29          */
  30         openssl_crypter_t public;
  31
  32         /*
  33          * the key
  34          */
  35         chunk_t key;
  36
  37         /*
  38          * the cipher to use
  39          */
  40         const EVP_CIPHER *cipher;
  41 };
  42
  43 /**
  44  * Look up an OpenSSL algorithm name and validate its key size
  45  */
  46 static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
  47 {
  48         struct {
  49                 /* identifier specified in IKEv2 */
  50                 int ikev2_id;
  51                 /* name of the algorithm, as used in OpenSSL */
  52                 char *name;
  53                 /* default key size in bytes */
  54                 size_t key_def;
  55                 /* minimum key size */
  56                 size_t key_min;
  57                 /* maximum key size */
  58                 size_t key_max;
  59         } mappings[] = {
  60                 {ENCR_DES,                      "des",                   8,              8,               8},
  61                 {ENCR_3DES,             "des3",                 24,             24,              24},
  62                 {ENCR_RC5,                      "rc5",                  16,              5,             255},
  63                 {ENCR_IDEA,             "idea",                 16,             16,              16},
  64                 {ENCR_CAST,             "cast",                 16,              5,              16},
  65                 {ENCR_BLOWFISH,         "blowfish",             16,              5,              56},
  66         };
  67         int i;
  68
  69         for (i = 0; i < countof(mappings); i++)
  70         {
  71                 if (ikev2_algo == mappings[i].ikev2_id)
  72                 {
  73                         /* set the key size if it is not set */
  74                         if (*key_size == 0)
  75                         {
  76                                 *key_size = mappings[i].key_def;
  77                         }
  78                         /* validate key size */
  79                         if (*key_size < mappings[i].key_min ||
  80                                 *key_size > mappings[i].key_max)
  81                         {
  82                                 return NULL;
  83                         }
  84                         return mappings[i].name;
  85                 }
  86         }
  87         return NULL;
  88 }
  89
  90 /**
  91  * Do the actual en/decryption in an EVP context
  92  */
  93 static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
  94                                   chunk_t *dst, int enc)
  95 {
  96         int len;
  97         u_char *out;
  98
  99         out = data.ptr;
 100         if (dst)
 101         {
 102                 *dst = chunk_alloc(data.len);
 103                 out = dst->ptr;
 104         }
 105         EVP_CIPHER_CTX ctx;
 106         EVP_CIPHER_CTX_init(&ctx);
 107         EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
 108         EVP_CIPHER_CTX_set_padding(&ctx, 0);            /* disable padding */
 109         EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
 110         EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
 111         EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
 112         EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
 113         EVP_CIPHER_CTX_cleanup(&ctx);
 114 }
 115
 116 METHOD(crypter_t, decrypt, void,
 117         private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 118 {
 119         crypt(this, data, iv, dst, 0);
 120 }
 121
 122 METHOD(crypter_t, encrypt, void,
 123         private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 124 {
 125         crypt(this, data, iv, dst, 1);
 126 }
 127
 128 METHOD(crypter_t, get_block_size, size_t,
 129         private_openssl_crypter_t *this)
 130 {
 131         return this->cipher->block_size;
 132 }
 133
 134 METHOD(crypter_t, get_iv_size, size_t,
 135         private_openssl_crypter_t *this)
 136 {
 137         return this->cipher->block_size;
 138 }
 139
 140 METHOD(crypter_t, get_key_size, size_t,
 141         private_openssl_crypter_t *this)
 142 {
 143         return this->key.len;
 144 }
 145
 146 METHOD(crypter_t, set_key, void,
 147         private_openssl_crypter_t *this, chunk_t key)
 148 {
 149         memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
 150 }
 151
 152 METHOD(crypter_t, destroy, void,
 153         private_openssl_crypter_t *this)
 154 {
 155         chunk_clear(&this->key);
 156         free(this);
 157 }
 158
 159 /*
 160  * Described in header
 161  */
 162 openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 163                                                                                                   size_t key_size)
 164 {
 165         private_openssl_crypter_t *this;
 166
 167         INIT(this,
 168                 .public = {
 169                         .crypter = {
 170                                 .encrypt = _encrypt,
 171                                 .decrypt = _decrypt,
 172                                 .get_block_size = _get_block_size,
 173                                 .get_iv_size = _get_iv_size,
 174                                 .get_key_size = _get_key_size,
 175                                 .set_key = _set_key,
 176                                 .destroy = _destroy,
 177                         },
 178                 },
 179         );
 180
 181         switch (algo)
 182         {
 183                 case ENCR_NULL:
 184                         this->cipher = EVP_enc_null();
 185                         key_size = 0;
 186                         break;
 187                 case ENCR_AES_CBC:
 188                         switch (key_size)
 189                         {
 190                                 case 0:
 191                                         key_size = 16;
 192                                         /* FALL */
 193                                 case 16:        /* AES 128 */
 194                                         this->cipher = EVP_get_cipherbyname("aes128");
 195                                         break;
 196                                 case 24:        /* AES-192 */
 197                                         this->cipher = EVP_get_cipherbyname("aes192");
 198                                         break;
 199                                 case 32:        /* AES-256 */
 200                                         this->cipher = EVP_get_cipherbyname("aes256");
 201                                         break;
 202                                 default:
 203                                         free(this);
 204                                         return NULL;
 205                         }
 206                         break;
 207                 case ENCR_CAMELLIA_CBC:
 208                         switch (key_size)
 209                         {
 210                                 case 0:
 211                                         key_size = 16;
 212                                         /* FALL */
 213                                 case 16:        /* CAMELLIA 128 */
 214                                         this->cipher = EVP_get_cipherbyname("camellia128");
 215                                         break;
 216                                 case 24:        /* CAMELLIA 192 */
 217                                         this->cipher = EVP_get_cipherbyname("camellia192");
 218                                         break;
 219                                 case 32:        /* CAMELLIA 256 */
 220                                         this->cipher = EVP_get_cipherbyname("camellia256");
 221                                         break;
 222                                 default:
 223                                         free(this);
 224                                         return NULL;
 225                         }
 226                         break;
 227                 case ENCR_DES_ECB:
 228                         key_size = 8;
 229                         this->cipher = EVP_des_ecb();
 230                         break;
 231                 default:
 232                 {
 233                         char* name;
 234
 235                         name = lookup_algorithm(algo, &key_size);
 236                         if (!name)
 237                         {
 238                                 /* algo unavailable or key_size invalid */
 239                                 free(this);
 240                                 return NULL;
 241                         }
 242                         this->cipher = EVP_get_cipherbyname(name);
 243                         break;
 244                 }
 245         }
 246
 247         if (!this->cipher)
 248         {
 249                 /* OpenSSL does not support the requested algo */
 250                 free(this);
 251                 return NULL;
 252         }
 253
 254         this->key = chunk_alloc(key_size);
 255
 256         return &this->public;
 257 }