crypt.c

   1 /*
   2  * Copyright (C) 2005-2006 Andre Noll <maan@systemlinux.org>
   3  *
   4  *     This program is free software; you can redistribute it and/or modify
   5  *     it under the terms of the GNU General Public License as published by
   6  *     the Free Software Foundation; either version 2 of the License, or
   7  *     (at your option) any later version.
   8  *
   9  *     This program is distributed in the hope that it will be useful,
  10  *     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  *     GNU General Public License for more details.
  13  *
  14  *     You should have received a copy of the GNU General Public License
  15  *     along with this program; if not, write to the Free Software
  16  *     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.
  17  */
  18
  19 /** \file crypt.c openssl-based RSA encryption/decryption routines */
  20
  21 #include "para.h"
  22 #include "error.h"
  23 #include "string.h"
  24 #include "crypt.h"
  25
  26 static EVP_PKEY *load_key(const char *file, int private)
  27 {
  28         BIO *key;
  29         EVP_PKEY *pkey = NULL;
  30
  31         key = BIO_new(BIO_s_file());
  32         if (!key)
  33                 return NULL;
  34         if (BIO_read_filename(key, file) > 0) {
  35                 if (private == LOAD_PRIVATE_KEY)
  36                         pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
  37                 else
  38                         pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL);
  39         }
  40         BIO_free(key);
  41         return pkey;
  42 }
  43
  44
  45 int get_rsa_key(char *key_file, RSA **rsa, int private)
  46 {
  47         EVP_PKEY *key = load_key(key_file, private);
  48
  49         if (!key)
  50                 return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY : -E_PUBLIC_KEY;
  51         *rsa = EVP_PKEY_get1_RSA(key);
  52         EVP_PKEY_free(key);
  53         if (!*rsa)
  54                 return -E_RSA;
  55         return RSA_size(*rsa);
  56 }
  57
  58 /**
  59  * decrypt a buffer using an RSA key
  60  *
  61  * \param key_file full path of the rsa key
  62  * \param outbuf the output buffer
  63  * \param inbuf the encrypted input buffer
  64  * \param rsa_inlen the length of \a inbuf
  65  *
  66  * The \a outbuf must be large enough to hold at least \a rsa_inlen bytes.
  67  *
  68  * \return The size of the recovered plaintext on success, negative on errors.
  69  *
  70  * \sa RSA_private_decrypt(3)
  71  **/
  72 int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
  73                         int rsa_inlen)
  74 {
  75         RSA *rsa;
  76         int ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
  77
  78         if (ret < 0)
  79                 return ret;
  80         ret = RSA_private_decrypt(rsa_inlen, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
  81         return (ret > 0)? ret : -E_DECRYPT;
  82 }
  83
  84 /**
  85  * decrypt the challenge number sent by para_server
  86  *
  87  * \param key_file full path of the rsa key
  88  * \param challenge_nr result is stored here
  89  * \param inbuf the input buffer
  90  * \param rsa_inlen the length of \a inbuf
  91  *
  92  * \return positive on success, negative on errors
  93  *
  94  * \sa para_decrypt_buffer()
  95  */
  96 int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
  97                 unsigned char *inbuf, int rsa_inlen)
  98 {
  99         unsigned char *rsa_out = OPENSSL_malloc(rsa_inlen + 1);
 100         int ret = para_decrypt_buffer(key_file, rsa_out, inbuf, rsa_inlen);
 101
 102         if (ret >= 0) {
 103                 rsa_out[ret] = '\0';
 104                 ret = sscanf((char *)rsa_out, "%lu", challenge_nr) == 1?
 105                         1 : -E_CHALLENGE;
 106         }
 107         OPENSSL_free(rsa_out);
 108         return ret;
 109 }
 110
 111 /**
 112  * encrypt a buffer using an RSA key
 113  *
 114  * \param rsa: public rsa key
 115  * \param inbuf the input buffer
 116  * \param len the length of \a inbuf
 117  * \param outbuf the output buffer
 118  *
 119  * \return The size of the encrypted data on success, negative on errors
 120  *
 121  * \sa RSA_public_encrypt(3)
 122  */
 123 int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf,
 124                 const unsigned len, unsigned char *outbuf)
 125 {
 126         int ret = RSA_public_encrypt(len, inbuf, outbuf, rsa,
 127                 RSA_PKCS1_PADDING);
 128         return ret < 0?  -E_ENCRYPT : ret;
 129 }
 130
 131 /**
 132  * encrypt the given challenge number
 133  *
 134  * \param rsa: public rsa key
 135  * \param challenge_nr the number to be encrypted
 136  * \param outbuf the output buffer
 137  *
 138  * \a outbuf must be at least 64 bytes long
 139  *
 140  * \return The size of the encrypted data on success, negative on errors
 141  *
 142  * \sa para_encrypt_buffer()
 143  *
 144  */
 145 int para_encrypt_challenge(RSA* rsa, long unsigned challenge_nr,
 146         unsigned char *outbuf)
 147 {
 148         unsigned char *inbuf = (unsigned char*) make_message("%lu", challenge_nr);
 149         int ret = para_encrypt_buffer(rsa, inbuf, strlen((char *)inbuf), outbuf);
 150         free(inbuf);
 151         return ret;
 152 }
 153