trunk/rdesktop/ssl.c

/* -*- c-basic-offset: 8 -*-
   rdesktop: A Remote Desktop Protocol client.
   Secure sockets abstraction layer
   Copyright (C) Matthew Chapman 1999-2007
   Copyright (C) Jay Sorg 2006-2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "rdesktop.h"
#include "ssl.h"

void
ssl_sha1_init(SSL_SHA1 * sha1)
{
        SHA1_Init(sha1);
}

void
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
{
        SHA1_Update(sha1, data, len);
}

void
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
{
        SHA1_Final(out_data, sha1);
}

void
ssl_md5_init(SSL_MD5 * md5)
{
        MD5_Init(md5);
}

void
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
{
        MD5_Update(md5, data, len);
}

void
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
{
        MD5_Final(out_data, md5);
}

void
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
{
        RC4_set_key(rc4, len, key);
}

void
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
{
        RC4(rc4, len, in_data, out_data);
}

static void
reverse(uint8 * p, int len)
{
        int i, j;
        uint8 temp;

        for (i = 0, j = len - 1; i < j; i++, j--)
        {
                temp = p[i];
                p[i] = p[j];
                p[j] = temp;
        }
}

void
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
                uint8 * exponent)
{
        BN_CTX *ctx;
        BIGNUM mod, exp, x, y;
        uint8 inr[SEC_MAX_MODULUS_SIZE];
        int outlen;

        reverse(modulus, modulus_size);
        reverse(exponent, SEC_EXPONENT_SIZE);
        memcpy(inr, in, len);
        reverse(inr, len);

        ctx = BN_CTX_new();
        BN_init(&mod);
        BN_init(&exp);
        BN_init(&x);
        BN_init(&y);

        BN_bin2bn(modulus, modulus_size, &mod);
        BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
        BN_bin2bn(inr, len, &x);
        BN_mod_exp(&y, &x, &exp, &mod, ctx);
        outlen = BN_bn2bin(&y, out);
        reverse(out, outlen);
        if (outlen < modulus_size)
                memset(out + outlen, 0, modulus_size - outlen);

        BN_free(&y);
        BN_clear_free(&x);
        BN_free(&exp);
        BN_free(&mod);
        BN_CTX_free(ctx);
}

/* returns newly allocated SSL_CERT or NULL */
SSL_CERT *
ssl_cert_read(uint8 * data, uint32 len)
{
        /* this will move the data pointer but we don't care, we don't use it again */
        return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
}

void
ssl_cert_free(SSL_CERT * cert)
{
        X509_free(cert);
}

/* returns newly allocated SSL_RKEY or NULL */
SSL_RKEY *
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
{
        EVP_PKEY *epk = NULL;
        SSL_RKEY *lkey;
        /* By some reason, Microsoft sets the OID of the Public RSA key to
           the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"

           Kudos to Richard Levitte for the following (. intiutive .) 
           lines of code that resets the OID and let's us extract the key. */
        if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
        {
                DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
                ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
                cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        }
        epk = X509_get_pubkey(cert);
        if (NULL == epk)
        {
                error("Failed to extract public key from certificate\n");
                return NULL;
        }

        lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
        EVP_PKEY_free(epk);
        *key_len = RSA_size(lkey);
        return lkey;
}

/* returns boolean */
RD_BOOL
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
{
        /* Currently, we don't use the CA Certificate.
           FIXME:
           *) Verify the server certificate (server_cert) with the
           CA certificate.
           *) Store the CA Certificate with the hostname of the
           server we are connecting to as key, and compare it
           when we connect the next time, in order to prevent
           MITM-attacks.
         */
        return True;
}

int
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
{
        return X509_print_fp(fp, cert);
}

void
ssl_rkey_free(SSL_RKEY * rkey)
{
        RSA_free(rkey);
}

/* returns error */
int
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
                     uint32 max_mod_len)
{
        uint32 len;

        if ((BN_num_bytes(rkey->e) > max_exp_len) || (BN_num_bytes(rkey->n) > max_mod_len))
        {
                return 1;
        }
        len = BN_bn2bin(rkey->e, exponent);
        reverse(exponent, len);
        len = BN_bn2bin(rkey->n, modulus);
        reverse(modulus, len);
        return 0;
}

/* returns boolean */
RD_BOOL
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
           uint8 * signature, uint32 sig_len)
{
        /* Currently, we don't check the signature
           FIXME:
         */
        return True;
}
1	/* -- c-basic-offset: 8 --
2	rdesktop: A Remote Desktop Protocol client.
3	Secure sockets abstraction layer
4	Copyright (C) Matthew Chapman 1999-2007
5	Copyright (C) Jay Sorg 2006-2007
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 2 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program; if not, write to the Free Software
19	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20	*/
21
22	#include "rdesktop.h"
23	#include "ssl.h"
24
25	void
26	ssl_sha1_init(SSL_SHA1 * sha1)
27	{
28	SHA1_Init(sha1);
29	}
30
31	void
32	ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
33	{
34	SHA1_Update(sha1, data, len);
35	}
36
37	void
38	ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
39	{
40	SHA1_Final(out_data, sha1);
41	}
42
43	void
44	ssl_md5_init(SSL_MD5 * md5)
45	{
46	MD5_Init(md5);
47	}
48
49	void
50	ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
51	{
52	MD5_Update(md5, data, len);
53	}
54
55	void
56	ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
57	{
58	MD5_Final(out_data, md5);
59	}
60
61	void
62	ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
63	{
64	RC4_set_key(rc4, len, key);
65	}
66
67	void
68	ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
69	{
70	RC4(rc4, len, in_data, out_data);
71	}
72
73	static void
74	reverse(uint8 * p, int len)
75	{
76	int i, j;
77	uint8 temp;
78
79	for (i = 0, j = len - 1; i < j; i++, j--)
80	{
81	temp = p[i];
82	p[i] = p[j];
83	p[j] = temp;
84	}
85	}
86
87	void
88	ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
89	uint8 * exponent)
90	{
91	BN_CTX *ctx;
92	BIGNUM mod, exp, x, y;
93	uint8 inr[SEC_MAX_MODULUS_SIZE];
94	int outlen;
95
96	reverse(modulus, modulus_size);
97	reverse(exponent, SEC_EXPONENT_SIZE);
98	memcpy(inr, in, len);
99	reverse(inr, len);
100
101	ctx = BN_CTX_new();
102	BN_init(&mod);
103	BN_init(&exp);
104	BN_init(&x);
105	BN_init(&y);
106
107	BN_bin2bn(modulus, modulus_size, &mod);
108	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
109	BN_bin2bn(inr, len, &x);
110	BN_mod_exp(&y, &x, &exp, &mod, ctx);
111	outlen = BN_bn2bin(&y, out);
112	reverse(out, outlen);
113	if (outlen < modulus_size)
114	memset(out + outlen, 0, modulus_size - outlen);
115
116	BN_free(&y);
117	BN_clear_free(&x);
118	BN_free(&exp);
119	BN_free(&mod);
120	BN_CTX_free(ctx);
121	}
122
123	/* returns newly allocated SSL_CERT or NULL */
124	SSL_CERT *
125	ssl_cert_read(uint8 * data, uint32 len)
126	{
127	/* this will move the data pointer but we don't care, we don't use it again */
128	return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
129	}
130
131	void
132	ssl_cert_free(SSL_CERT * cert)
133	{
134	X509_free(cert);
135	}
136
137	/* returns newly allocated SSL_RKEY or NULL */
138	SSL_RKEY *
139	ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
140	{
141	EVP_PKEY *epk = NULL;
142	SSL_RKEY *lkey;
143	/* By some reason, Microsoft sets the OID of the Public RSA key to
144	the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
145
146	Kudos to Richard Levitte for the following (. intiutive .)
147	lines of code that resets the OID and let's us extract the key. */
148	if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
149	{
150	DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
151	ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
152	cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
153	}
154	epk = X509_get_pubkey(cert);
155	if (NULL == epk)
156	{
157	error("Failed to extract public key from certificate\n");
158	return NULL;
159	}
160
161	lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
162	EVP_PKEY_free(epk);
163	*key_len = RSA_size(lkey);
164	return lkey;
165	}
166
167	/* returns boolean */
168	RD_BOOL
169	ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
170	{
171	/* Currently, we don't use the CA Certificate.
172	FIXME:
173	*) Verify the server certificate (server_cert) with the
174	CA certificate.
175	*) Store the CA Certificate with the hostname of the
176	server we are connecting to as key, and compare it
177	when we connect the next time, in order to prevent
178	MITM-attacks.
179	*/
180	return True;
181	}
182
183	int
184	ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
185	{
186	return X509_print_fp(fp, cert);
187	}
188
189	void
190	ssl_rkey_free(SSL_RKEY * rkey)
191	{
192	RSA_free(rkey);
193	}
194
195	/* returns error */
196	int
197	ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
198	uint32 max_mod_len)
199	{
200	uint32 len;
201
202	if ((BN_num_bytes(rkey->e) > max_exp_len) \|\| (BN_num_bytes(rkey->n) > max_mod_len))
203	{
204	return 1;
205	}
206	len = BN_bn2bin(rkey->e, exponent);
207	reverse(exponent, len);
208	len = BN_bn2bin(rkey->n, modulus);
209	reverse(modulus, len);
210	return 0;
211	}
212
213	/* returns boolean */
214	RD_BOOL
215	ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
216	uint8 * signature, uint32 sig_len)
217	{
218	/* Currently, we don't check the signature
219	FIXME:
220	*/
221	return True;
222	}