trunk/rdesktop/ssl.c

/* -*- c-basic-offset: 8 -*-
   rdesktop: A Remote Desktop Protocol client.
   Secure sockets abstraction layer
   Copyright (C) Matthew Chapman 1999-2007
   Copyright (C) Jay Sorg 2006-2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "rdesktop.h"
#include "ssl.h"

void
ssl_sha1_init(SSL_SHA1 * sha1)
{
        SHA1_Init(sha1);
}

void
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
{
        SHA1_Update(sha1, data, len);
}

void
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
{
        SHA1_Final(out_data, sha1);
}

void
ssl_md5_init(SSL_MD5 * md5)
{
        MD5_Init(md5);
}

void
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
{
        MD5_Update(md5, data, len);
}

void
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
{
        MD5_Final(out_data, md5);
}

void
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
{
        RC4_set_key(rc4, len, key);
}

void
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
{
        RC4(rc4, len, in_data, out_data);
}

static void
reverse(uint8 * p, int len)
{
        int i, j;
        uint8 temp;

        for (i = 0, j = len - 1; i < j; i++, j--)
        {
                temp = p[i];
                p[i] = p[j];
                p[j] = temp;
        }
}

void
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
                uint8 * exponent)
{
        BN_CTX *ctx;
        BIGNUM mod, exp, x, y;
        uint8 inr[SEC_MAX_MODULUS_SIZE];
        int outlen;

        reverse(modulus, modulus_size);
        reverse(exponent, SEC_EXPONENT_SIZE);
        memcpy(inr, in, len);
        reverse(inr, len);

        ctx = BN_CTX_new();
        BN_init(&mod);
        BN_init(&exp);
        BN_init(&x);
        BN_init(&y);

        BN_bin2bn(modulus, modulus_size, &mod);
        BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
        BN_bin2bn(inr, len, &x);
        BN_mod_exp(&y, &x, &exp, &mod, ctx);
        outlen = BN_bn2bin(&y, out);
        reverse(out, outlen);
        if (outlen < (int) modulus_size)
                memset(out + outlen, 0, modulus_size - outlen);

        BN_free(&y);
        BN_clear_free(&x);
        BN_free(&exp);
        BN_free(&mod);
        BN_CTX_free(ctx);
}

/* returns newly allocated SSL_CERT or NULL */
SSL_CERT *
ssl_cert_read(uint8 * data, uint32 len)
{
        /* this will move the data pointer but we don't care, we don't use it again */
        return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
}

void
ssl_cert_free(SSL_CERT * cert)
{
        X509_free(cert);
}

/* returns newly allocated SSL_RKEY or NULL */
SSL_RKEY *
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
{
        EVP_PKEY *epk = NULL;
        SSL_RKEY *lkey;
        int nid;

        /* By some reason, Microsoft sets the OID of the Public RSA key to
           the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"

           Kudos to Richard Levitte for the following (. intiutive .) 
           lines of code that resets the OID and let's us extract the key. */
        nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
        if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
        {
                DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
                ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
                cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        }
        epk = X509_get_pubkey(cert);
        if (NULL == epk)
        {
                error("Failed to extract public key from certificate\n");
                return NULL;
        }

        lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
        EVP_PKEY_free(epk);
        *key_len = RSA_size(lkey);
        return lkey;
}

/* returns boolean */
RD_BOOL
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
{
        /* Currently, we don't use the CA Certificate.
           FIXME:
           *) Verify the server certificate (server_cert) with the
           CA certificate.
           *) Store the CA Certificate with the hostname of the
           server we are connecting to as key, and compare it
           when we connect the next time, in order to prevent
           MITM-attacks.
         */
        return True;
}

int
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
{
        return X509_print_fp(fp, cert);
}

void
ssl_rkey_free(SSL_RKEY * rkey)
{
        RSA_free(rkey);
}

/* returns error */
int
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
                     uint32 max_mod_len)
{
        int len;

        if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
            (BN_num_bytes(rkey->n) > (int) max_mod_len))
        {
                return 1;
        }
        len = BN_bn2bin(rkey->e, exponent);
        reverse(exponent, len);
        len = BN_bn2bin(rkey->n, modulus);
        reverse(modulus, len);
        return 0;
}

/* returns boolean */
RD_BOOL
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
           uint8 * signature, uint32 sig_len)
{
        /* Currently, we don't check the signature
           FIXME:
         */
        return True;
}
1	jsorg71	1374	/* -- c-basic-offset: 8 --
2			rdesktop: A Remote Desktop Protocol client.
3			Secure sockets abstraction layer
4			Copyright (C) Matthew Chapman 1999-2007
5			Copyright (C) Jay Sorg 2006-2007
6
7			This program is free software; you can redistribute it and/or modify
8			it under the terms of the GNU General Public License as published by
9			the Free Software Foundation; either version 2 of the License, or
10			(at your option) any later version.
11
12			This program is distributed in the hope that it will be useful,
13			but WITHOUT ANY WARRANTY; without even the implied warranty of
14			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			GNU General Public License for more details.
16
17			You should have received a copy of the GNU General Public License
18			along with this program; if not, write to the Free Software
19			Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20			*/
21
22			#include "rdesktop.h"
23			#include "ssl.h"
24
25			void
26			ssl_sha1_init(SSL_SHA1 * sha1)
27			{
28			SHA1_Init(sha1);
29			}
30
31			void
32			ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
33			{
34			SHA1_Update(sha1, data, len);
35			}
36
37			void
38			ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
39			{
40			SHA1_Final(out_data, sha1);
41			}
42
43			void
44			ssl_md5_init(SSL_MD5 * md5)
45			{
46			MD5_Init(md5);
47			}
48
49			void
50			ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
51			{
52			MD5_Update(md5, data, len);
53			}
54
55			void
56			ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
57			{
58			MD5_Final(out_data, md5);
59			}
60
61			void
62			ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
63			{
64			RC4_set_key(rc4, len, key);
65			}
66
67			void
68			ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
69			{
70			RC4(rc4, len, in_data, out_data);
71			}
72
73			static void
74			reverse(uint8 * p, int len)
75			{
76			int i, j;
77			uint8 temp;
78
79			for (i = 0, j = len - 1; i < j; i++, j--)
80			{
81			temp = p[i];
82			p[i] = p[j];
83			p[j] = temp;
84			}
85			}
86
87			void
88			ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
89			uint8 * exponent)
90			{
91	jsorg71	1377	BN_CTX *ctx;
92	jsorg71	1374	BIGNUM mod, exp, x, y;
93			uint8 inr[SEC_MAX_MODULUS_SIZE];
94			int outlen;
95
96			reverse(modulus, modulus_size);
97			reverse(exponent, SEC_EXPONENT_SIZE);
98			memcpy(inr, in, len);
99			reverse(inr, len);
100
101			ctx = BN_CTX_new();
102			BN_init(&mod);
103			BN_init(&exp);
104			BN_init(&x);
105			BN_init(&y);
106
107			BN_bin2bn(modulus, modulus_size, &mod);
108			BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
109			BN_bin2bn(inr, len, &x);
110			BN_mod_exp(&y, &x, &exp, &mod, ctx);
111			outlen = BN_bn2bin(&y, out);
112			reverse(out, outlen);
113	jsorg71	1393	if (outlen < (int) modulus_size)
114	jsorg71	1374	memset(out + outlen, 0, modulus_size - outlen);
115
116			BN_free(&y);
117			BN_clear_free(&x);
118			BN_free(&exp);
119			BN_free(&mod);
120			BN_CTX_free(ctx);
121			}
122
123			/* returns newly allocated SSL_CERT or NULL */
124			SSL_CERT *
125			ssl_cert_read(uint8 * data, uint32 len)
126			{
127			/* this will move the data pointer but we don't care, we don't use it again */
128			return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
129			}
130
131			void
132			ssl_cert_free(SSL_CERT * cert)
133			{
134			X509_free(cert);
135			}
136
137			/* returns newly allocated SSL_RKEY or NULL */
138			SSL_RKEY *
139			ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
140			{
141	jsorg71	1377	EVP_PKEY *epk = NULL;
142			SSL_RKEY *lkey;
143	matthewc	1468	int nid;
144
145	jsorg71	1374	/* By some reason, Microsoft sets the OID of the Public RSA key to
146			the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
147
148			Kudos to Richard Levitte for the following (. intiutive .)
149			lines of code that resets the OID and let's us extract the key. */
150	matthewc	1468	nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
151			if ((nid == NID_md5WithRSAEncryption) \|\| (nid == NID_shaWithRSAEncryption))
152	jsorg71	1374	{
153			DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
154			ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
155			cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
156			}
157			epk = X509_get_pubkey(cert);
158			if (NULL == epk)
159			{
160			error("Failed to extract public key from certificate\n");
161			return NULL;
162			}
163
164			lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
165			EVP_PKEY_free(epk);
166			*key_len = RSA_size(lkey);
167			return lkey;
168			}
169
170			/* returns boolean */
171			RD_BOOL
172			ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
173			{
174			/* Currently, we don't use the CA Certificate.
175			FIXME:
176			*) Verify the server certificate (server_cert) with the
177			CA certificate.
178			*) Store the CA Certificate with the hostname of the
179			server we are connecting to as key, and compare it
180			when we connect the next time, in order to prevent
181			MITM-attacks.
182	jsorg71	1377	*/
183	jsorg71	1374	return True;
184			}
185
186			int
187			ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
188			{
189			return X509_print_fp(fp, cert);
190			}
191
192			void
193			ssl_rkey_free(SSL_RKEY * rkey)
194			{
195			RSA_free(rkey);
196			}
197
198			/* returns error */
199			int
200			ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
201			uint32 max_mod_len)
202			{
203	jsorg71	1393	int len;
204	jsorg71	1374
205	jsorg71	1393	if ((BN_num_bytes(rkey->e) > (int) max_exp_len) \|\|
206			(BN_num_bytes(rkey->n) > (int) max_mod_len))
207	jsorg71	1374	{
208			return 1;
209			}
210			len = BN_bn2bin(rkey->e, exponent);
211			reverse(exponent, len);
212			len = BN_bn2bin(rkey->n, modulus);
213			reverse(modulus, len);
214			return 0;
215			}
216
217			/* returns boolean */
218			RD_BOOL
219			ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
220			uint8 * signature, uint32 sig_len)
221			{
222			/* Currently, we don't check the signature
223			FIXME:
224	jsorg71	1377	*/
225	jsorg71	1374	return True;
226			}