trunk/rdesktop/ssl.c

/* -*- c-basic-offset: 8 -*-
   rdesktop: A Remote Desktop Protocol client.
   Secure sockets abstraction layer
   Copyright (C) Matthew Chapman 1999-2007
   Copyright (C) Jay Sorg 2006-2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "rdesktop.h"
#include "ssl.h"

void
ssl_sha1_init(SSL_SHA1 * sha1)
{
        SHA1_Init(sha1);
}

void
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
{
        SHA1_Update(sha1, data, len);
}

void
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
{
        SHA1_Final(out_data, sha1);
}

void
ssl_md5_init(SSL_MD5 * md5)
{
        MD5_Init(md5);
}

void
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
{
        MD5_Update(md5, data, len);
}

void
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
{
        MD5_Final(out_data, md5);
}

void
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
{
        RC4_set_key(rc4, len, key);
}

void
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
{
        RC4(rc4, len, in_data, out_data);
}

static void
reverse(uint8 * p, int len)
{
        int i, j;
        uint8 temp;

        for (i = 0, j = len - 1; i < j; i++, j--)
        {
                temp = p[i];
                p[i] = p[j];
                p[j] = temp;
        }
}

void
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
                uint8 * exponent)
{
        BN_CTX *ctx;
        BIGNUM mod, exp, x, y;
        uint8 inr[SEC_MAX_MODULUS_SIZE];
        int outlen;

        reverse(modulus, modulus_size);
        reverse(exponent, SEC_EXPONENT_SIZE);
        memcpy(inr, in, len);
        reverse(inr, len);

        ctx = BN_CTX_new();
        BN_init(&mod);
        BN_init(&exp);
        BN_init(&x);
        BN_init(&y);

        BN_bin2bn(modulus, modulus_size, &mod);
        BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
        BN_bin2bn(inr, len, &x);
        BN_mod_exp(&y, &x, &exp, &mod, ctx);
        outlen = BN_bn2bin(&y, out);
        reverse(out, outlen);
        if (outlen < modulus_size)
                memset(out + outlen, 0, modulus_size - outlen);

        BN_free(&y);
        BN_clear_free(&x);
        BN_free(&exp);
        BN_free(&mod);
        BN_CTX_free(ctx);
}

/* returns newly allocated SSL_CERT or NULL */
SSL_CERT *
ssl_cert_read(uint8 * data, uint32 len)
{
        /* this will move the data pointer but we don't care, we don't use it again */
        return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
}

void
ssl_cert_free(SSL_CERT * cert)
{
        X509_free(cert);
}

/* returns newly allocated SSL_RKEY or NULL */
SSL_RKEY *
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
{
        EVP_PKEY *epk = NULL;
        SSL_RKEY *lkey;
        /* By some reason, Microsoft sets the OID of the Public RSA key to
           the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"

           Kudos to Richard Levitte for the following (. intiutive .) 
           lines of code that resets the OID and let's us extract the key. */
        if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
        {
                DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
                ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
                cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        }
        epk = X509_get_pubkey(cert);
        if (NULL == epk)
        {
                error("Failed to extract public key from certificate\n");
                return NULL;
        }

        lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
        EVP_PKEY_free(epk);
        *key_len = RSA_size(lkey);
        return lkey;
}

/* returns boolean */
RD_BOOL
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
{
        /* Currently, we don't use the CA Certificate.
           FIXME:
           *) Verify the server certificate (server_cert) with the
           CA certificate.
           *) Store the CA Certificate with the hostname of the
           server we are connecting to as key, and compare it
           when we connect the next time, in order to prevent
           MITM-attacks.
         */
        return True;
}

int
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
{
        return X509_print_fp(fp, cert);
}

void
ssl_rkey_free(SSL_RKEY * rkey)
{
        RSA_free(rkey);
}

/* returns error */
int
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
                     uint32 max_mod_len)
{
        uint32 len;

        if ((BN_num_bytes(rkey->e) > max_exp_len) || (BN_num_bytes(rkey->n) > max_mod_len))
        {
                return 1;
        }
        len = BN_bn2bin(rkey->e, exponent);
        reverse(exponent, len);
        len = BN_bn2bin(rkey->n, modulus);
        reverse(modulus, len);
        return 0;
}

/* returns boolean */
RD_BOOL
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
           uint8 * signature, uint32 sig_len)
{
        /* Currently, we don't check the signature
           FIXME:
         */
        return True;
}
1	jsorg71	1374	/* -- c-basic-offset: 8 --
2			rdesktop: A Remote Desktop Protocol client.
3			Secure sockets abstraction layer
4			Copyright (C) Matthew Chapman 1999-2007
5			Copyright (C) Jay Sorg 2006-2007
6
7			This program is free software; you can redistribute it and/or modify
8			it under the terms of the GNU General Public License as published by
9			the Free Software Foundation; either version 2 of the License, or
10			(at your option) any later version.
11
12			This program is distributed in the hope that it will be useful,
13			but WITHOUT ANY WARRANTY; without even the implied warranty of
14			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			GNU General Public License for more details.
16
17			You should have received a copy of the GNU General Public License
18			along with this program; if not, write to the Free Software
19			Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20			*/
21
22			#include "rdesktop.h"
23			#include "ssl.h"
24
25			void
26			ssl_sha1_init(SSL_SHA1 * sha1)
27			{
28			SHA1_Init(sha1);
29			}
30
31			void
32			ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
33			{
34			SHA1_Update(sha1, data, len);
35			}
36
37			void
38			ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
39			{
40			SHA1_Final(out_data, sha1);
41			}
42
43			void
44			ssl_md5_init(SSL_MD5 * md5)
45			{
46			MD5_Init(md5);
47			}
48
49			void
50			ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
51			{
52			MD5_Update(md5, data, len);
53			}
54
55			void
56			ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
57			{
58			MD5_Final(out_data, md5);
59			}
60
61			void
62			ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
63			{
64			RC4_set_key(rc4, len, key);
65			}
66
67			void
68			ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
69			{
70			RC4(rc4, len, in_data, out_data);
71			}
72
73			static void
74			reverse(uint8 * p, int len)
75			{
76			int i, j;
77			uint8 temp;
78
79			for (i = 0, j = len - 1; i < j; i++, j--)
80			{
81			temp = p[i];
82			p[i] = p[j];
83			p[j] = temp;
84			}
85			}
86
87			void
88			ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
89			uint8 * exponent)
90			{
91	jsorg71	1377	BN_CTX *ctx;
92	jsorg71	1374	BIGNUM mod, exp, x, y;
93			uint8 inr[SEC_MAX_MODULUS_SIZE];
94			int outlen;
95
96			reverse(modulus, modulus_size);
97			reverse(exponent, SEC_EXPONENT_SIZE);
98			memcpy(inr, in, len);
99			reverse(inr, len);
100
101			ctx = BN_CTX_new();
102			BN_init(&mod);
103			BN_init(&exp);
104			BN_init(&x);
105			BN_init(&y);
106
107			BN_bin2bn(modulus, modulus_size, &mod);
108			BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
109			BN_bin2bn(inr, len, &x);
110			BN_mod_exp(&y, &x, &exp, &mod, ctx);
111			outlen = BN_bn2bin(&y, out);
112			reverse(out, outlen);
113			if (outlen < modulus_size)
114			memset(out + outlen, 0, modulus_size - outlen);
115
116			BN_free(&y);
117			BN_clear_free(&x);
118			BN_free(&exp);
119			BN_free(&mod);
120			BN_CTX_free(ctx);
121			}
122
123			/* returns newly allocated SSL_CERT or NULL */
124			SSL_CERT *
125			ssl_cert_read(uint8 * data, uint32 len)
126			{
127			/* this will move the data pointer but we don't care, we don't use it again */
128			return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
129			}
130
131			void
132			ssl_cert_free(SSL_CERT * cert)
133			{
134			X509_free(cert);
135			}
136
137			/* returns newly allocated SSL_RKEY or NULL */
138			SSL_RKEY *
139			ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
140			{
141	jsorg71	1377	EVP_PKEY *epk = NULL;
142			SSL_RKEY *lkey;
143	jsorg71	1374	/* By some reason, Microsoft sets the OID of the Public RSA key to
144			the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
145
146			Kudos to Richard Levitte for the following (. intiutive .)
147			lines of code that resets the OID and let's us extract the key. */
148			if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
149			{
150			DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
151			ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
152			cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
153			}
154			epk = X509_get_pubkey(cert);
155			if (NULL == epk)
156			{
157			error("Failed to extract public key from certificate\n");
158			return NULL;
159			}
160
161			lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
162			EVP_PKEY_free(epk);
163			*key_len = RSA_size(lkey);
164			return lkey;
165			}
166
167			/* returns boolean */
168			RD_BOOL
169			ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
170			{
171			/* Currently, we don't use the CA Certificate.
172			FIXME:
173			*) Verify the server certificate (server_cert) with the
174			CA certificate.
175			*) Store the CA Certificate with the hostname of the
176			server we are connecting to as key, and compare it
177			when we connect the next time, in order to prevent
178			MITM-attacks.
179	jsorg71	1377	*/
180	jsorg71	1374	return True;
181			}
182
183			int
184			ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
185			{
186			return X509_print_fp(fp, cert);
187			}
188
189			void
190			ssl_rkey_free(SSL_RKEY * rkey)
191			{
192			RSA_free(rkey);
193			}
194
195			/* returns error */
196			int
197			ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
198			uint32 max_mod_len)
199			{
200			uint32 len;
201
202			if ((BN_num_bytes(rkey->e) > max_exp_len) \|\| (BN_num_bytes(rkey->n) > max_mod_len))
203			{
204			return 1;
205			}
206			len = BN_bn2bin(rkey->e, exponent);
207			reverse(exponent, len);
208			len = BN_bn2bin(rkey->n, modulus);
209			reverse(modulus, len);
210			return 0;
211			}
212
213			/* returns boolean */
214			RD_BOOL
215			ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
216			uint8 * signature, uint32 sig_len)
217			{
218			/* Currently, we don't check the signature
219			FIXME:
220	jsorg71	1377	*/
221	jsorg71	1374	return True;
222			}