X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=crypt.c;h=8986d0e7a5bc5bbab4a011fc93b8410fd758ea1a;hb=d09716570fc81b71d6ad3d5f543b5f8acf1a5e33;hp=49e9e8ae7863fed3f40881a356957f115bf31769;hpb=63c4f3404cfb3aea943949d81b03bca14dbea559;p=paraslash.git diff --git a/crypt.c b/crypt.c index 49e9e8ae..8986d0e7 100644 --- a/crypt.c +++ b/crypt.c @@ -1,10 +1,10 @@ /* - * Copyright (C) 2005-2009 Andre Noll + * Copyright (C) 2005-2011 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ -/** \file crypt.c openssl-based RSA encryption/decryption routines */ +/** \file crypt.c Openssl-based encryption/decryption routines. */ #include #include @@ -13,12 +13,18 @@ #include #include #include +#include #include "para.h" #include "error.h" #include "string.h" #include "crypt.h" #include "fd.h" + +struct asymmetric_key { + RSA *rsa; +}; + /** * Fill a buffer with random content. * @@ -102,50 +108,58 @@ static EVP_PKEY *load_key(const char *file, int private) } /** - * read an RSA key from a file + * Read an asymmetric key from a file. * - * \param key_file the file containing the key - * \param rsa RSA structure is returned here - * \param private if non-zero, read the private key, otherwise the public key + * \param key_file The file containing the key. + * \param private if non-zero, read the private key, otherwise the public key. + * \param result The key structure is returned here. * - * \return The size of the RSA key on success, negative on errors. + * \return The size of the key on success, negative on errors. * * \sa openssl(1), rsa(1). */ -int get_rsa_key(char *key_file, RSA **rsa, int private) +int get_asymmetric_key(const char *key_file, int private, + struct asymmetric_key **result) { - EVP_PKEY *key = load_key(key_file, private); + struct asymmetric_key *key; + RSA *rsa; + EVP_PKEY *pkey = load_key(key_file, private); - if (!key) + if (!pkey) return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY : -E_PUBLIC_KEY; - *rsa = EVP_PKEY_get1_RSA(key); - EVP_PKEY_free(key); - if (!*rsa) + rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); + if (!rsa) return -E_RSA; - return RSA_size(*rsa); + key = para_malloc(sizeof(*key)); + key->rsa = rsa; + *result = key; + return RSA_size(rsa); } /** - * free an RSA structure + * Deallocate an asymmetric key structure. * - * \param rsa pointer to the RSA struct to free + * \param key Pointer to the key structure to free. * - * This must be called for any key obtained by get_rsa_key(). + * This must be called for any key obtained by get_asymmetric_key(). */ -void rsa_free(RSA *rsa) +void free_asymmetric_key(struct asymmetric_key *key) { - if (rsa) - RSA_free(rsa); + if (!key) + return; + RSA_free(key->rsa); + free(key); } /** - * decrypt a buffer using an RSA key + * Decrypt a buffer using a private key. * - * \param key_file full path of the rsa key - * \param outbuf the output buffer - * \param inbuf the encrypted input buffer - * \param rsa_inlen the length of \a inbuf + * \param key_file Full path of the key. + * \param outbuf The output buffer. + * \param inbuf The encrypted input buffer. + * \param inlen The length of \a inbuf in bytes. * * The \a outbuf must be large enough to hold at least \a rsa_inlen bytes. * @@ -153,15 +167,15 @@ void rsa_free(RSA *rsa) * * \sa RSA_private_decrypt(3) **/ -int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf, - unsigned rsa_inlen) +int priv_decrypt(const char *key_file, unsigned char *outbuf, + unsigned char *inbuf, int inlen) { - RSA *rsa; - int ret, inlen = rsa_inlen; + struct asymmetric_key *priv; + int ret; if (inlen < 0) return -E_RSA; - ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY); + ret = get_asymmetric_key(key_file, LOAD_PRIVATE_KEY, &priv); if (ret < 0) return ret; /* @@ -169,40 +183,44 @@ int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *in * factor to protect against this kind of attack. */ ret = -E_BLINDING; - if (RSA_blinding_on(rsa, NULL) == 0) + if (RSA_blinding_on(priv->rsa, NULL) == 0) goto out; - ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING); - RSA_blinding_off(rsa); + ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa, + RSA_PKCS1_OAEP_PADDING); + RSA_blinding_off(priv->rsa); if (ret <= 0) ret = -E_DECRYPT; out: - rsa_free(rsa); + free_asymmetric_key(priv); return ret; } /** - * encrypt a buffer using an RSA key + * Encrypt a buffer using an RSA key * - * \param rsa: public rsa key - * \param inbuf the input buffer - * \param len the length of \a inbuf - * \param outbuf the output buffer + * \param pub: The public key. + * \param inbuf The input buffer. + * \param len The length of \a inbuf. + * \param outbuf The output buffer. * - * \return The size of the encrypted data on success, negative on errors + * \return The size of the encrypted data on success, negative on errors. * * \sa RSA_public_encrypt(3) */ -int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf, +int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, unsigned len, unsigned char *outbuf) { int ret, flen = len; /* RSA_public_encrypt expects a signed int */ if (flen < 0) return -E_ENCRYPT; - ret = RSA_public_encrypt(flen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING); + ret = RSA_public_encrypt(flen, inbuf, outbuf, pub->rsa, + RSA_PKCS1_OAEP_PADDING); return ret < 0? -E_ENCRYPT : ret; } +#define RC4_ALIGN 8 + /** * Encrypt and send a buffer. * @@ -218,10 +236,16 @@ int rc4_send_bin_buffer(struct rc4_context *rc4c, const char *buf, size_t len) { int ret; unsigned char *tmp; + static unsigned char remainder[RC4_ALIGN]; + size_t l1 = ROUND_DOWN(len, RC4_ALIGN), l2 = ROUND_UP(len, RC4_ALIGN); assert(len); - tmp = para_malloc(len); - RC4(&rc4c->send_key, len, (const unsigned char *)buf, tmp); + tmp = para_malloc(l2); + RC4(&rc4c->send_key, l1, (const unsigned char *)buf, tmp); + if (len > l1) { + memcpy(remainder, buf + l1, len - l1); + RC4(&rc4c->send_key, len - l1, remainder, tmp + l1); + } ret = write_all(rc4c->fd, (char *)tmp, &len); free(tmp); return ret;