trunk/rdesktop/ssl.c

/* -*- c-basic-offset: 8 -*-
   rdesktop: A Remote Desktop Protocol client.
   Secure sockets abstraction layer
   Copyright (C) Matthew Chapman 1999-2007
   Copyright (C) Jay Sorg 2006-2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "rdesktop.h"
#include "ssl.h"

void
ssl_sha1_init(SSL_SHA1 * sha1)
{
        SHA1_Init(sha1);
}

void
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
{
        SHA1_Update(sha1, data, len);
}

void
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
{
        SHA1_Final(out_data, sha1);
}

void
ssl_md5_init(SSL_MD5 * md5)
{
        MD5_Init(md5);
}

void
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
{
        MD5_Update(md5, data, len);
}

void
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
{
        MD5_Final(out_data, md5);
}

void
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
{
        RC4_set_key(rc4, len, key);
}

void
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
{
        RC4(rc4, len, in_data, out_data);
}

static void
reverse(uint8 * p, int len)
{
        int i, j;
        uint8 temp;

        for (i = 0, j = len - 1; i < j; i++, j--)
        {
                temp = p[i];
                p[i] = p[j];
                p[j] = temp;
        }
}

void
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
                uint8 * exponent)
{
        BN_CTX *ctx;
        BIGNUM mod, exp, x, y;
        uint8 inr[SEC_MAX_MODULUS_SIZE];
        int outlen;

        reverse(modulus, modulus_size);
        reverse(exponent, SEC_EXPONENT_SIZE);
        memcpy(inr, in, len);
        reverse(inr, len);

        ctx = BN_CTX_new();
        BN_init(&mod);
        BN_init(&exp);
        BN_init(&x);
        BN_init(&y);

        BN_bin2bn(modulus, modulus_size, &mod);
        BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
        BN_bin2bn(inr, len, &x);
        BN_mod_exp(&y, &x, &exp, &mod, ctx);
        outlen = BN_bn2bin(&y, out);
        reverse(out, outlen);
        if (outlen < (int) modulus_size)
                memset(out + outlen, 0, modulus_size - outlen);

        BN_free(&y);
        BN_clear_free(&x);
        BN_free(&exp);
        BN_free(&mod);
        BN_CTX_free(ctx);
}

/* returns newly allocated SSL_CERT or NULL */
SSL_CERT *
ssl_cert_read(uint8 * data, uint32 len)
{
        /* this will move the data pointer but we don't care, we don't use it again */
        return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
}

void
ssl_cert_free(SSL_CERT * cert)
{
        X509_free(cert);
}

/* returns newly allocated SSL_RKEY or NULL */
SSL_RKEY *
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
{
        EVP_PKEY *epk = NULL;
        SSL_RKEY *lkey;
        int nid;

        /* By some reason, Microsoft sets the OID of the Public RSA key to
           the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"

           Kudos to Richard Levitte for the following (. intiutive .) 
           lines of code that resets the OID and let's us extract the key. */
        nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
        if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
        {
                DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
                ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
                cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        }
        epk = X509_get_pubkey(cert);
        if (NULL == epk)
        {
                error("Failed to extract public key from certificate\n");
                return NULL;
        }

        lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
        EVP_PKEY_free(epk);
        *key_len = RSA_size(lkey);
        return lkey;
}

/* returns boolean */
RD_BOOL
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
{
        /* Currently, we don't use the CA Certificate.
           FIXME:
           *) Verify the server certificate (server_cert) with the
           CA certificate.
           *) Store the CA Certificate with the hostname of the
           server we are connecting to as key, and compare it
           when we connect the next time, in order to prevent
           MITM-attacks.
         */
        return True;
}

int
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
{
        return X509_print_fp(fp, cert);
}

void
ssl_rkey_free(SSL_RKEY * rkey)
{
        RSA_free(rkey);
}

/* returns error */
int
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
                     uint32 max_mod_len)
{
        int len;

        if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
            (BN_num_bytes(rkey->n) > (int) max_mod_len))
        {
                return 1;
        }
        len = BN_bn2bin(rkey->e, exponent);
        reverse(exponent, len);
        len = BN_bn2bin(rkey->n, modulus);
        reverse(modulus, len);
        return 0;
}

/* returns boolean */
RD_BOOL
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
           uint8 * signature, uint32 sig_len)
{
        /* Currently, we don't check the signature
           FIXME:
         */
        return True;
}
1	/* -- c-basic-offset: 8 --
2	rdesktop: A Remote Desktop Protocol client.
3	Secure sockets abstraction layer
4	Copyright (C) Matthew Chapman 1999-2007
5	Copyright (C) Jay Sorg 2006-2007
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 2 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program; if not, write to the Free Software
19	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20	*/
21
22	#include "rdesktop.h"
23	#include "ssl.h"
24
25	void
26	ssl_sha1_init(SSL_SHA1 * sha1)
27	{
28	SHA1_Init(sha1);
29	}
30
31	void
32	ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
33	{
34	SHA1_Update(sha1, data, len);
35	}
36
37	void
38	ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
39	{
40	SHA1_Final(out_data, sha1);
41	}
42
43	void
44	ssl_md5_init(SSL_MD5 * md5)
45	{
46	MD5_Init(md5);
47	}
48
49	void
50	ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
51	{
52	MD5_Update(md5, data, len);
53	}
54
55	void
56	ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
57	{
58	MD5_Final(out_data, md5);
59	}
60
61	void
62	ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
63	{
64	RC4_set_key(rc4, len, key);
65	}
66
67	void
68	ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
69	{
70	RC4(rc4, len, in_data, out_data);
71	}
72
73	static void
74	reverse(uint8 * p, int len)
75	{
76	int i, j;
77	uint8 temp;
78
79	for (i = 0, j = len - 1; i < j; i++, j--)
80	{
81	temp = p[i];
82	p[i] = p[j];
83	p[j] = temp;
84	}
85	}
86
87	void
88	ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
89	uint8 * exponent)
90	{
91	BN_CTX *ctx;
92	BIGNUM mod, exp, x, y;
93	uint8 inr[SEC_MAX_MODULUS_SIZE];
94	int outlen;
95
96	reverse(modulus, modulus_size);
97	reverse(exponent, SEC_EXPONENT_SIZE);
98	memcpy(inr, in, len);
99	reverse(inr, len);
100
101	ctx = BN_CTX_new();
102	BN_init(&mod);
103	BN_init(&exp);
104	BN_init(&x);
105	BN_init(&y);
106
107	BN_bin2bn(modulus, modulus_size, &mod);
108	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
109	BN_bin2bn(inr, len, &x);
110	BN_mod_exp(&y, &x, &exp, &mod, ctx);
111	outlen = BN_bn2bin(&y, out);
112	reverse(out, outlen);
113	if (outlen < (int) modulus_size)
114	memset(out + outlen, 0, modulus_size - outlen);
115
116	BN_free(&y);
117	BN_clear_free(&x);
118	BN_free(&exp);
119	BN_free(&mod);
120	BN_CTX_free(ctx);
121	}
122
123	/* returns newly allocated SSL_CERT or NULL */
124	SSL_CERT *
125	ssl_cert_read(uint8 * data, uint32 len)
126	{
127	/* this will move the data pointer but we don't care, we don't use it again */
128	return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
129	}
130
131	void
132	ssl_cert_free(SSL_CERT * cert)
133	{
134	X509_free(cert);
135	}
136
137	/* returns newly allocated SSL_RKEY or NULL */
138	SSL_RKEY *
139	ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
140	{
141	EVP_PKEY *epk = NULL;
142	SSL_RKEY *lkey;
143	int nid;
144
145	/* By some reason, Microsoft sets the OID of the Public RSA key to
146	the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
147
148	Kudos to Richard Levitte for the following (. intiutive .)
149	lines of code that resets the OID and let's us extract the key. */
150	nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
151	if ((nid == NID_md5WithRSAEncryption) \|\| (nid == NID_shaWithRSAEncryption))
152	{
153	DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
154	ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
155	cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
156	}
157	epk = X509_get_pubkey(cert);
158	if (NULL == epk)
159	{
160	error("Failed to extract public key from certificate\n");
161	return NULL;
162	}
163
164	lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
165	EVP_PKEY_free(epk);
166	*key_len = RSA_size(lkey);
167	return lkey;
168	}
169
170	/* returns boolean */
171	RD_BOOL
172	ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
173	{
174	/* Currently, we don't use the CA Certificate.
175	FIXME:
176	*) Verify the server certificate (server_cert) with the
177	CA certificate.
178	*) Store the CA Certificate with the hostname of the
179	server we are connecting to as key, and compare it
180	when we connect the next time, in order to prevent
181	MITM-attacks.
182	*/
183	return True;
184	}
185
186	int
187	ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
188	{
189	return X509_print_fp(fp, cert);
190	}
191
192	void
193	ssl_rkey_free(SSL_RKEY * rkey)
194	{
195	RSA_free(rkey);
196	}
197
198	/* returns error */
199	int
200	ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
201	uint32 max_mod_len)
202	{
203	int len;
204
205	if ((BN_num_bytes(rkey->e) > (int) max_exp_len) \|\|
206	(BN_num_bytes(rkey->n) > (int) max_mod_len))
207	{
208	return 1;
209	}
210	len = BN_bn2bin(rkey->e, exponent);
211	reverse(exponent, len);
212	len = BN_bn2bin(rkey->n, modulus);
213	reverse(modulus, len);
214	return 0;
215	}
216
217	/* returns boolean */
218	RD_BOOL
219	ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
220	uint8 * signature, uint32 sig_len)
221	{
222	/* Currently, we don't check the signature
223	FIXME:
224	*/
225	return True;
226	}