/* -*- c-basic-offset: 8 -*- |
rdesktop: A Remote Desktop Protocol client. |
Secure sockets abstraction layer |
Copyright (C) Matthew Chapman 1999-2007 |
Copyright (C) Jay Sorg 2006-2007 |
|
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2 of the License, or |
(at your option) any later version. |
|
This program is distributed in the hope that it will be useful, |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
GNU General Public License for more details. |
|
You should have received a copy of the GNU General Public License |
along with this program; if not, write to the Free Software |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
*/ |
|
#include "rdesktop.h" |
#include "ssl.h" |
|
/* Put *sha1 into the initial SHA-1 state by delegating to OpenSSL's
   SHA1_Init(). The status code SHA1_Init() returns is discarded, so a
   failure inside the library is not reported to the caller. */
void
ssl_sha1_init(SSL_SHA1 * sha1)
{
	(void) SHA1_Init(sha1);
}
/* Feed len bytes starting at data into the running SHA-1 computation
   held in *sha1. The caller guarantees that data really spans len
   bytes; nothing here can check it. The library status is discarded. */
void
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
{
	(void) SHA1_Update(sha1, data, len);
}
/* Finish the SHA-1 computation in *sha1 and write the digest to
   out_data. No output length is passed, so out_data must have room
   for a full SHA-1 digest (20 bytes). Note the argument order is
   swapped relative to SHA1_Final(), which takes the output first. */
void
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
{
	(void) SHA1_Final(out_data, sha1);
}
/* Put *md5 into the initial MD5 state by delegating to OpenSSL's
   MD5_Init(). The status code MD5_Init() returns is discarded. */
void
ssl_md5_init(SSL_MD5 * md5)
{
	(void) MD5_Init(md5);
}
/* Feed len bytes starting at data into the running MD5 computation
   held in *md5. The caller guarantees that data really spans len
   bytes. The library status is discarded. */
void
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
{
	(void) MD5_Update(md5, data, len);
}
/* Finish the MD5 computation in *md5 and write the digest to out_data.
   No output length is passed, so out_data must have room for a full
   MD5 digest (16 bytes). Note the argument order is swapped relative
   to MD5_Final(), which takes the output first. */
void
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
{
	(void) MD5_Final(out_data, md5);
}
/* Load an RC4 key schedule into *rc4 from the len bytes at key.
   RC4_set_key() takes (state, length, key), so the last two arguments
   are swapped relative to this wrapper's own parameter order. */
void
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
{
	RC4_set_key(rc4, len, key);
}
/* Run len bytes from in_data through the RC4 keystream in *rc4 and
   store the result in out_data. RC4 is a stream cipher, so the same
   call serves for encryption and decryption. out_data must hold at
   least len bytes; the cipher state in *rc4 advances on every call. */
void
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
{
	RC4(rc4, len, in_data, out_data);
}
/* Reverse the first len bytes of p in place. This file uses it to
   convert between the byte order of the wire data and the big-endian
   order the BN_* routines work with. A len below 2 (including a
   negative one) leaves the buffer untouched. */
static void
reverse(uint8 * p, int len)
{
	uint8 *lo;
	uint8 *hi;
	uint8 swap;

	if (len < 2)
		return;

	lo = p;
	hi = p + (len - 1);
	while (lo < hi)
	{
		swap = *lo;
		*lo++ = *hi;
		*hi-- = swap;
	}
}
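/* Raw RSA public-key operation: out = in ^ exponent mod modulus.

   All byte strings are taken and returned in reversed byte order
   relative to what BN_bin2bn()/BN_bn2bin() use, so each one is
   reversed before or after the bignum call. No padding scheme is
   applied here; the input is used as the number to exponentiate.

   out           receives modulus_size bytes (result, zero padded);
                 must be at least modulus_size bytes long
   in, len       input bytes; len must not exceed SEC_MAX_MODULUS_SIZE
   modulus       modulus_size bytes, REVERSED IN PLACE by this call
   exponent      SEC_EXPONENT_SIZE bytes, REVERSED IN PLACE by this call

   The function cannot return a status. On any failure it reports
   through error() and fills out with modulus_size zero bytes. */
void
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
		uint8 * exponent)
{
	BN_CTX *ctx;
	BIGNUM mod, exp, x, y;
	uint8 inr[SEC_MAX_MODULUS_SIZE];
	volatile uint8 *wipe = inr;
	int outlen = 0;
	int i;

	/* inr is a fixed-size stack buffer: refuse a length that would make
	   the memcpy() below write past its end. */
	if ((len < 0) || ((uint32) len > sizeof(inr)))
	{
		error("RSA input length exceeds maximum modulus size\n");
		memset(out, 0, modulus_size);
		return;
	}

	/* Allocate before touching the caller's buffers so an allocation
	   failure leaves modulus and exponent unreversed. */
	ctx = BN_CTX_new();
	if (NULL == ctx)
	{
		error("Failed to allocate bignum context\n");
		memset(out, 0, modulus_size);
		return;
	}

	reverse(modulus, modulus_size);
	reverse(exponent, SEC_EXPONENT_SIZE);
	memcpy(inr, in, len);
	reverse(inr, len);

	BN_init(&mod);
	BN_init(&exp);
	BN_init(&x);
	BN_init(&y);

	BN_bin2bn(modulus, modulus_size, &mod);
	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
	BN_bin2bn(inr, len, &x);
	if (BN_mod_exp(&y, &x, &exp, &mod, ctx))
	{
		outlen = BN_bn2bin(&y, out);
		reverse(out, outlen);
	}
	else
	{
		/* e.g. a zero modulus; outlen stays 0 so out is zero filled */
		error("RSA modular exponentiation failed\n");
	}
	if ((uint32) outlen < modulus_size)
		memset(out + outlen, 0, modulus_size - outlen);

	BN_free(&y);
	BN_clear_free(&x);	/* x holds the plaintext, so clear it */
	BN_free(&exp);
	BN_free(&mod);
	BN_CTX_free(ctx);

	/* inr holds a copy of the plaintext as well. Write through a
	   volatile pointer so the compiler cannot drop the wipe as a dead
	   store. */
	for (i = 0; i < len; i++)
		wipe[i] = 0;
}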
/* Parse len bytes of DER data into a newly allocated SSL_CERT.
   Returns NULL when d2i_X509() rejects the input; the caller must check
   for that and release a non-NULL result with ssl_cert_free().
   Parsing succeeds for any well-formed certificate: this function
   performs no verification of the certificate. */
SSL_CERT *
ssl_cert_read(uint8 * data, uint32 len)
{
	/* d2i_X509() advances the pointer it is handed, so give it a
	   local cursor; the position after parsing is not needed. */
	D2I_X509_CONST unsigned char *cursor = (D2I_X509_CONST unsigned char *) data;

	return d2i_X509(NULL, &cursor, len);
}
/* Release a certificate obtained from ssl_cert_read() by handing it to
   X509_free(). The pointer must not be used afterwards. */
void
ssl_cert_free(SSL_CERT * cert)
{
	X509_free(cert);
}
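/* Extract the RSA public key from cert.

   Returns a newly allocated SSL_RKEY (release it with ssl_rkey_free())
   and stores the key size in bytes, as reported by RSA_size(), in
   *key_len. Returns NULL, leaving *key_len untouched, when no public
   key can be extracted, when the key is not an RSA key, or when the
   key cannot be duplicated.

   Side effect: cert may be modified in place (see the OID reset
   below). The certificate comes from the server, so nothing about its
   key type is assumed. */
SSL_RKEY *
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
{
	EVP_PKEY *epk = NULL;
	SSL_RKEY *lkey = NULL;

	/* For some reason, Microsoft sets the OID of the public RSA key to
	   the OID for "MD5 with RSA Encryption" instead of "RSA Encryption".

	   Kudos to Richard Levitte for the following (intuitive) lines of
	   code that reset the OID and let us extract the key. */
	if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
	{
		DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
	}
	epk = X509_get_pubkey(cert);
	if (NULL == epk)
	{
		error("Failed to extract public key from certificate\n");
		return NULL;
	}

	/* pkey.ptr only points at an RSA structure when the key type is
	   RSA; casting any other key type would be a type confusion. */
	if (EVP_PKEY_type(epk->type) != EVP_PKEY_RSA)
	{
		error("Server certificate does not contain an RSA public key\n");
		EVP_PKEY_free(epk);
		return NULL;
	}

	lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
	EVP_PKEY_free(epk);
	if (NULL == lkey)
	{
		/* RSA_size() below would dereference the NULL pointer */
		error("Failed to duplicate RSA public key\n");
		return NULL;
	}
	*key_len = RSA_size(lkey);
	return lkey;
}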
/* Returns a boolean, and at present that boolean is always True.

   Neither argument is examined: the server certificate is accepted
   without being verified against the CA certificate, and nothing is
   remembered between connections. A True result therefore says
   nothing about the identity of the server, and callers must not
   treat it as authentication.

   FIXME:
   *) Verify the server certificate (server_cert) with the
      CA certificate.
   *) Store the CA certificate with the hostname of the
      server we are connecting to as key, and compare it
      when we connect the next time, in order to prevent
      MITM attacks. */
RD_BOOL
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
{
	/* both parameters are deliberately unused until the FIXME is done */
	(void) server_cert;
	(void) cacert;

	return True;
}
/* Write a human-readable dump of cert to the stdio stream fp using
   X509_print_fp() and pass its status code back unchanged. */
int
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
{
	int status;

	status = X509_print_fp(fp, cert);
	return status;
}
/* Release a key obtained from ssl_cert_to_rkey() by handing it to
   RSA_free(). The pointer must not be used afterwards. */
void
ssl_rkey_free(SSL_RKEY * rkey)
{
	RSA_free(rkey);
}
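/* Copy the public exponent and modulus of rkey into caller buffers,
   each in reversed byte order relative to BN_bn2bin() output.

   exponent, max_exp_len   destination and its capacity in bytes
   modulus, max_mod_len    destination and its capacity in bytes

   Returns 0 on success, or 1 (writing nothing) when either value does
   not fit its buffer. The encoded lengths are not reported back, so on
   success each buffer is zero padded up to its full capacity; after
   the reversal the padding sits behind the most significant byte and
   does not change the value. ssl_rsa_encrypt() pads its output the
   same way. */
int
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
		     uint32 max_mod_len)
{
	uint32 len;

	if ((BN_num_bytes(rkey->e) > max_exp_len) || (BN_num_bytes(rkey->n) > max_mod_len))
	{
		return 1;
	}

	len = BN_bn2bin(rkey->e, exponent);
	reverse(exponent, len);
	/* without this the bytes past len keep whatever the caller had there */
	if (len < max_exp_len)
		memset(exponent + len, 0, max_exp_len - len);

	len = BN_bn2bin(rkey->n, modulus);
	reverse(modulus, len);
	if (len < max_mod_len)
		memset(modulus + len, 0, max_mod_len - len);

	return 0;
}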
/* Returns a boolean, and at present that boolean is always True.

   None of the arguments is examined: the signature is not checked
   against the exponent and modulus it is supposed to cover. A True
   result therefore does not show that the key material is authentic,
   and callers must not treat it as verification.

   FIXME: check the signature. */
RD_BOOL
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
	   uint8 * signature, uint32 sig_len)
{
	/* all parameters are deliberately unused until the FIXME is done */
	(void) exponent;
	(void) exp_len;
	(void) modulus;
	(void) mod_len;
	(void) signature;
	(void) sig_len;

	return True;
}