Return to openssl_util.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / openssl |
1.1 misho 1: /* 2: * Copyright (C) 2008 Tobias Brunner 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: /** 17: * @defgroup openssl_util openssl_util 18: * @{ @ingroup openssl_p 19: */ 20: 21: #ifndef OPENSSL_UTIL_H_ 22: #define OPENSSL_UTIL_H_ 23: 24: #include <library.h> 25: 26: #ifdef X509_NAME 27: /* from <wincrypt.h> */ 28: # undef X509_NAME 29: #endif 30: 31: #include <openssl/bn.h> 32: #include <openssl/asn1.h> 33: 34: /** 35: * Returns the length in bytes of a field element 36: */ 37: #define EC_FIELD_ELEMENT_LEN(group) ((EC_GROUP_get_degree(group) + 7) / 8) 38: 39: /** 1.1.1.2 ! misho 40: * Derives a shared DH secret from the given keys. ! 41: * ! 42: * @param priv private key ! 43: * @param pub public key ! 44: * @param shared shared secret ! 45: * @return TRUE on success, FALSE otherwise ! 46: */ ! 47: bool openssl_compute_shared_key(EVP_PKEY *priv, EVP_PKEY *pub, chunk_t *shared); ! 48: ! 49: /** 1.1 misho 50: * Creates a hash of a given type of a chunk of data. 51: * 52: * Note: this function allocates memory for the hash 53: * 54: * @param hash_type NID of the hash 55: * @param data the chunk of data to hash 56: * @param hash chunk that contains the hash 57: * @return TRUE on success, FALSE otherwise 58: */ 59: bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); 60: 61: /** 62: * Concatenates two bignums into a chunk, thereby enforcing the length of 63: * a single BIGNUM, if necessary, by pre-pending it with zeros. 64: * 65: * Note: this function allocates memory for the chunk 66: * 67: * @param len the length of a single BIGNUM 68: * @param a first BIGNUM 69: * @param b second BIGNUM 70: * @param chunk resulting chunk 71: * @return TRUE on success, FALSE otherwise 72: */ 73: bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b, 74: chunk_t *chunk); 75: 76: /** 77: * Splits a chunk into two bignums of equal binary length. 78: * 79: * @param chunk a chunk that contains the two BIGNUMs 80: * @param a first BIGNUM 81: * @param b second BIGNUM 82: * @return TRUE on success, FALSE otherwise 83: */ 84: bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b); 85: 86: /** 87: * Exports the given bignum (assumed to be a positive number) to a chunk in 88: * two's complement format (i.e. a zero byte is added if the MSB is set). 89: * 90: * @param bn the BIGNUM to export 91: * @param chunk the chunk (data gets allocated) 92: * @return TRUE on success, FALSE otherwise 93: */ 94: bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk); 95: 96: /** 97: * Allocate a chunk using the i2d function of a given object 98: * 99: * @param type type of the object 100: * @param obj object to convert to DER 101: * @returns allocated chunk of the object, or chunk_empty 102: */ 103: #define openssl_i2chunk(type, obj) ({ \ 1.1.1.2 ! misho 104: chunk_t chunk = chunk_empty; \ ! 105: int len = i2d_##type(obj, NULL); \ ! 106: if (len >= 0) { \ ! 107: chunk = chunk_alloc(len); \ ! 108: u_char *p = chunk.ptr; \ ! 109: i2d_##type(obj, &p); \ ! 110: } \ ! 111: chunk; }) 1.1 misho 112: 113: /** 114: * Convert an OpenSSL ASN1_OBJECT to a chunk. 115: * 116: * @param asn1 asn1 object to convert 117: * @return chunk, pointing into asn1 object 118: */ 119: chunk_t openssl_asn1_obj2chunk(const ASN1_OBJECT *asn1); 120: 121: /** 122: * Convert an OpenSSL ASN1_STRING to a chunk. 123: * 124: * @param asn1 asn1 string to convert 125: * @return chunk, pointing into asn1 string 126: */ 127: chunk_t openssl_asn1_str2chunk(const ASN1_STRING *asn1); 128: 129: /** 130: * Convert an openssl X509_NAME to a identification_t of type ID_DER_ASN1_DN. 131: * 132: * @param name name to convert 133: * @return identification_t, NULL on error 134: */ 135: identification_t *openssl_x509_name2id(X509_NAME *name); 136: 137: /** 138: * Check if an ASN1 oid is a an OID known by libstrongswan. 139: * 140: * @param obj openssl ASN1 object 141: * @returns OID, as defined in <asn1/oid.h> 142: */ 143: int openssl_asn1_known_oid(const ASN1_OBJECT *obj); 144: 145: /** 146: * Convert an OpenSSL ASN1_TIME to a time_t. 147: * 148: * @param time openssl ASN1_TIME 149: * @returns time_t, 0 on error 150: */ 151: time_t openssl_asn1_to_time(const ASN1_TIME *time); 152: 153: /** 154: * Compatibility macros 155: */ 156: #ifdef OPENSSL_IS_BORINGSSL 157: #define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) 158: #endif 159: 160: /** 161: * Macros to define fallback getters/setters to access keys (BIGNUM*) for types 162: * that were made opaque with OpenSSL 1.1.0. 163: */ 164: #define OPENSSL_KEY_FALLBACK(...) VA_ARGS_DISPATCH(OPENSSL_KEY_FALLBACK, __VA_ARGS__)(__VA_ARGS__) 165: #define OPENSSL_KEY_FALLBACK3(type, k1, k2) \ 166: __attribute__((unused)) \ 167: static inline void type##_get0(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ 168: if (k1) *k1 = o->k1; \ 169: if (k2) *k2 = o->k2; } \ 170: __attribute__((unused)) \ 171: static inline int type##_set0(type *o, BIGNUM *k1, BIGNUM *k2) { \ 172: if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ 173: if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ 174: return 1; } 175: #define OPENSSL_KEY_FALLBACK4(type, name, k1, k2) \ 176: __attribute__((unused)) \ 177: static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ 178: if (k1) *k1 = o->k1; \ 179: if (k2) *k2 = o->k2; } \ 180: __attribute__((unused)) \ 181: static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2) { \ 182: if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ 183: if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ 184: return 1; } 185: #define OPENSSL_KEY_FALLBACK5(type, name, k1, k2, k3) \ 186: __attribute__((unused)) \ 187: static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2, const BIGNUM **k3) { \ 188: if (k1) *k1 = o->k1; \ 189: if (k2) *k2 = o->k2; \ 190: if (k3) *k3 = o->k3; } \ 191: __attribute__((unused)) \ 192: static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2, BIGNUM *k3) { \ 193: if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ 194: if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ 195: if (k3) { BN_clear_free(o->k3); o->k3 = k3; } \ 196: return 1; } 197: 198: #endif /** OPENSSL_UTIL_H_ @}*/