crypt.c

   1 /*
   2  * Copyright (C) 2005-2006 Andre Noll <maan@systemlinux.org>
   3  *
   4  *     This program is free software; you can redistribute it and/or modify
   5  *     it under the terms of the GNU General Public License as published by
   6  *     the Free Software Foundation; either version 2 of the License, or
   7  *     (at your option) any later version.
   8  *
   9  *     This program is distributed in the hope that it will be useful,
  10  *     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  *     GNU General Public License for more details.
  13  *
  14  *     You should have received a copy of the GNU General Public License
  15  *     along with this program; if not, write to the Free Software
  16  *     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.
  17  */
  18
  19 /** \file crypt.c openssl-based RSA encryption/decryption routines */
  20
  21 #include <openssl/pem.h>
  22 #include "para.h"
  23 #include "error.h"
  24 #include "string.h"
  25
  26 /** \cond used to distinguish between loading of private/public key */
  27 #define LOAD_PUBLIC_KEY 0
  28 #define LOAD_PRIVATE_KEY 1
  29 /** \endcond **/
  30
  31 static EVP_PKEY *load_key(const char *file, int private)
  32 {
  33         BIO *key;
  34         EVP_PKEY *pkey = NULL;
  35
  36         key = BIO_new(BIO_s_file());
  37         if (!key)
  38                 return NULL;
  39         if (BIO_read_filename(key, file) > 0) {
  40                 if (private == LOAD_PRIVATE_KEY)
  41                         pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
  42                 else
  43                         pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL);
  44         }
  45         BIO_free(key);
  46         return pkey;
  47 }
  48
  49 static int get_key(char *key_file, RSA **rsa, int private)
  50 {
  51         EVP_PKEY *key = load_key(key_file, private);
  52
  53         if (!key)
  54                 return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY : -E_PUBLIC_KEY;
  55         *rsa = EVP_PKEY_get1_RSA(key);
  56         EVP_PKEY_free(key);
  57         if (!*rsa)
  58                 return -E_RSA;
  59         return RSA_size(*rsa);
  60 }
  61
  62 /**
  63  * decrypt a buffer using an RSA key
  64  *
  65  * \param key_file full path of the rsa key
  66  * \param outbuf the output buffer
  67  * \param inbuf the encrypted input buffer
  68  * \param rsa_inlen the length of \a inbuf
  69  *
  70  * The \a outbuf must be large enough to hold at least \a rsa_inlen bytes.
  71  *
  72  * \return The size of the recovered plaintext on success, negative on errors.
  73  *
  74  * \sa RSA_private_decrypt(3)
  75  **/
  76 int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
  77                         int rsa_inlen)
  78 {
  79         RSA *rsa;
  80         int ret = get_key(key_file, &rsa, LOAD_PRIVATE_KEY);
  81
  82         if (ret < 0)
  83                 return ret;
  84         ret = RSA_private_decrypt(rsa_inlen, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
  85         return (ret > 0)? ret : -E_DECRYPT;
  86 }
  87
  88 /**
  89  * decrypt the challenge number sent by para_server
  90  *
  91  * \param key_file full path of the rsa key
  92  * \param challenge_nr result is stored here
  93  * \param inbuf the input buffer
  94  * \param rsa_inlen the length of \a inbuf
  95  *
  96  * \return positive on success, negative on errors
  97  *
  98  * \sa para_decrypt_buffer()
  99  */
 100 int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
 101                 unsigned char *inbuf, int rsa_inlen)
 102 {
 103         unsigned char *rsa_out = OPENSSL_malloc(128);
 104         int ret = para_decrypt_buffer(key_file, rsa_out, inbuf, rsa_inlen);
 105
 106         if (ret >= 0)
 107                 ret = sscanf((char *)rsa_out, "%lu", challenge_nr) == 1?
 108                         1 : -E_CHALLENGE;
 109         OPENSSL_free(rsa_out);
 110         return ret;
 111 }
 112
 113 /**
 114  * encrypt a buffer using an RSA key
 115  *
 116  * \param key_file full path of the rsa key
 117  * \param inbuf the input buffer
 118  * \param len the length of \a inbuf
 119  * \param outbuf the output buffer
 120  *
 121  * \return The size of the encrypted data on success, negative on errors
 122  *
 123  * \sa RSA_public_encrypt(3)
 124  */
 125 int para_encrypt_buffer(char *key_file, unsigned char *inbuf,
 126                 const unsigned len, unsigned char *outbuf)
 127 {
 128         RSA *rsa;
 129         int ret = get_key(key_file, &rsa, LOAD_PUBLIC_KEY);
 130
 131         if (ret < 0)
 132                 return ret;
 133         ret = RSA_public_encrypt(len, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
 134         return ret < 0?  -E_ENCRYPT : ret;
 135 }
 136
 137 /**
 138  * encrypt the given challenge number
 139  *
 140  * \param key_file full path of the rsa key
 141  * \param challenge_nr the number to be encrypted
 142  * \param outbuf the output buffer
 143  *
 144  * \a outbuf must be at least 64 bytes long
 145  *
 146  * \return The size of the encrypted data on success, negative on errors
 147  *
 148  * \sa para_encrypt_buffer()
 149  *
 150  */
 151 int para_encrypt_challenge(char *key_file, long unsigned challenge_nr,
 152         unsigned char *outbuf)
 153 {
 154         unsigned char *inbuf = (unsigned char*) make_message("%lu", challenge_nr);
 155         int ret = para_encrypt_buffer(key_file, inbuf, strlen((char *)inbuf), outbuf);
 156         free(inbuf);
 157         return ret;
 158 }
 159