crypt.c

   1 /*
   2  * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
   3  *
   4  * Licensed under the GPL v2. For licencing details see COPYING.
   5  */
   6
   7 /** \file crypt.c openssl-based RSA encryption/decryption routines */
   8
   9 #include "para.h"
  10 #include "error.h"
  11 #include "string.h"
  12 #include "crypt.h"
  13
  14 static EVP_PKEY *load_key(const char *file, int private)
  15 {
  16         BIO *key;
  17         EVP_PKEY *pkey = NULL;
  18
  19         key = BIO_new(BIO_s_file());
  20         if (!key)
  21                 return NULL;
  22         if (BIO_read_filename(key, file) > 0) {
  23                 if (private == LOAD_PRIVATE_KEY)
  24                         pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
  25                 else
  26                         pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL);
  27         }
  28         BIO_free(key);
  29         return pkey;
  30 }
  31
  32 /**
  33  * read an RSA key from a file
  34  *
  35  * \param key_file the file containing the key
  36  * \param rsa RSA structure is returned here
  37  * \param private if non-zero, read the private key, otherwise the public key
  38  *
  39  * \return The size of the RSA key on success, negative on errors.
  40  *
  41  * \sa openssl(1), rsa(1).
  42  */
  43 int get_rsa_key(char *key_file, RSA **rsa, int private)
  44 {
  45         EVP_PKEY *key = load_key(key_file, private);
  46
  47         if (!key)
  48                 return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY
  49                         : -E_PUBLIC_KEY;
  50         *rsa = EVP_PKEY_get1_RSA(key);
  51         EVP_PKEY_free(key);
  52         if (!*rsa)
  53                 return -E_RSA;
  54         return RSA_size(*rsa);
  55 }
  56
  57 /**
  58  * free an RSA structure
  59  *
  60  * \param rsa pointer to the RSA struct to free
  61  *
  62  * This must be called for any key obtained by get_rsa_key().
  63  */
  64 void rsa_free(RSA *rsa)
  65 {
  66         if (rsa)
  67                 RSA_free(rsa);
  68 }
  69
  70 /**
  71  * decrypt a buffer using an RSA key
  72  *
  73  * \param key_file full path of the rsa key
  74  * \param outbuf the output buffer
  75  * \param inbuf the encrypted input buffer
  76  * \param rsa_inlen the length of \a inbuf
  77  *
  78  * The \a outbuf must be large enough to hold at least \a rsa_inlen bytes.
  79  *
  80  * \return The size of the recovered plaintext on success, negative on errors.
  81  *
  82  * \sa RSA_private_decrypt(3)
  83  **/
  84 int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
  85                         unsigned rsa_inlen)
  86 {
  87         RSA *rsa;
  88         int ret, inlen = rsa_inlen;
  89
  90         if (inlen < 0)
  91                 return -E_RSA;
  92         ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
  93         if (ret < 0)
  94                 return ret;
  95         ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
  96         rsa_free(rsa);
  97         return (ret > 0)? ret : -E_DECRYPT;
  98 }
  99
 100 /**
 101  * decrypt the challenge number sent by para_server
 102  *
 103  * \param key_file full path of the rsa key
 104  * \param challenge_nr result is stored here
 105  * \param inbuf the input buffer
 106  * \param rsa_inlen the length of \a inbuf
 107  *
 108  * \return positive on success, negative on errors
 109  *
 110  * \sa para_decrypt_buffer()
 111  */
 112 int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
 113                 unsigned char *inbuf, unsigned rsa_inlen)
 114 {
 115         unsigned char *rsa_out = OPENSSL_malloc(rsa_inlen + 1);
 116         int ret = para_decrypt_buffer(key_file, rsa_out, inbuf, rsa_inlen);
 117
 118         if (ret >= 0) {
 119                 rsa_out[ret] = '\0';
 120                 ret = sscanf((char *)rsa_out, "%lu", challenge_nr) == 1?
 121                         1 : -E_CHALLENGE;
 122         }
 123         OPENSSL_free(rsa_out);
 124         return ret;
 125 }
 126
 127 /**
 128  * encrypt a buffer using an RSA key
 129  *
 130  * \param rsa: public rsa key
 131  * \param inbuf the input buffer
 132  * \param len the length of \a inbuf
 133  * \param outbuf the output buffer
 134  *
 135  * \return The size of the encrypted data on success, negative on errors
 136  *
 137  * \sa RSA_public_encrypt(3)
 138  */
 139 int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf,
 140                 unsigned len, unsigned char *outbuf)
 141 {
 142         int ret, flen = len; /* RSA_public_encrypt expects a signed int */
 143
 144         if (flen < 0)
 145                 return -E_ENCRYPT;
 146         ret = RSA_public_encrypt(flen, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
 147         return ret < 0?  -E_ENCRYPT : ret;
 148 }
 149
 150 /**
 151  * encrypt the given challenge number
 152  *
 153  * \param rsa: public rsa key
 154  * \param challenge_nr the number to be encrypted
 155  * \param outbuf the output buffer
 156  *
 157  * \a outbuf must be at least 64 bytes long
 158  *
 159  * \return The size of the encrypted data on success, negative on errors
 160  *
 161  * \sa para_encrypt_buffer()
 162  *
 163  */
 164 int para_encrypt_challenge(RSA* rsa, long unsigned challenge_nr,
 165         unsigned char *outbuf)
 166 {
 167         unsigned char *inbuf = (unsigned char*) make_message("%lu", challenge_nr);
 168         int ret = para_encrypt_buffer(rsa, inbuf, strlen((char *)inbuf), outbuf);
 169         free(inbuf);
 170         return ret;
 171 }
 172