X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=crypt.c;h=206b93486914aaf7896b0f6109bdd7aa57c235c9;hp=352c5b8d8e97832ed3d782ce3ad1984890ad5cf7;hb=037059c8a25ce134af1eaa6c3fa8ac96b9f7e0b6;hpb=dd462c7e1b61864d6da01a877ced78dab72e2244 diff --git a/crypt.c b/crypt.c index 352c5b8d..206b9348 100644 --- a/crypt.c +++ b/crypt.c @@ -1,10 +1,10 @@ /* - * Copyright (C) 2005-2009 Andre Noll + * Copyright (C) 2005-2011 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ -/** \file crypt.c openssl-based RSA encryption/decryption routines */ +/** \file crypt.c Openssl-based encryption/decryption routines. */ #include #include @@ -13,12 +13,18 @@ #include #include #include +#include #include "para.h" #include "error.h" #include "string.h" #include "crypt.h" #include "fd.h" + +struct asymmetric_key { + RSA *rsa; +}; + /** * Fill a buffer with random content. * @@ -65,11 +71,29 @@ void init_random_seed_or_die(void) srandom(seed); } +static int check_key_file(const char *file, int private) +{ + struct stat st; + + if (stat(file, &st) != 0) + return -ERRNO_TO_PARA_ERROR(errno); + if (private != LOAD_PRIVATE_KEY) + return 0; + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) + return -E_KEY_PERM; + return 1; +} + static EVP_PKEY *load_key(const char *file, int private) { BIO *key; EVP_PKEY *pkey = NULL; + int ret = check_key_file(file, private); + if (ret < 0) { + PARA_ERROR_LOG("%s\n", para_strerror(-ret)); + return NULL; + } key = BIO_new(BIO_s_file()); if (!key) return NULL; @@ -84,50 +108,58 @@ static EVP_PKEY *load_key(const char *file, int private) } /** - * read an RSA key from a file + * Read an asymmetric key from a file. * - * \param key_file the file containing the key - * \param rsa RSA structure is returned here - * \param private if non-zero, read the private key, otherwise the public key + * \param key_file The file containing the key. + * \param private if non-zero, read the private key, otherwise the public key. + * \param result The key structure is returned here. * - * \return The size of the RSA key on success, negative on errors. + * \return The size of the key on success, negative on errors. * * \sa openssl(1), rsa(1). */ -int get_rsa_key(char *key_file, RSA **rsa, int private) +int get_asymmetric_key(const char *key_file, int private, + struct asymmetric_key **result) { - EVP_PKEY *key = load_key(key_file, private); + struct asymmetric_key *key; + RSA *rsa; + EVP_PKEY *pkey = load_key(key_file, private); - if (!key) + if (!pkey) return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY : -E_PUBLIC_KEY; - *rsa = EVP_PKEY_get1_RSA(key); - EVP_PKEY_free(key); - if (!*rsa) + rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); + if (!rsa) return -E_RSA; - return RSA_size(*rsa); + key = para_malloc(sizeof(*key)); + key->rsa = rsa; + *result = key; + return RSA_size(rsa); } /** - * free an RSA structure + * Deallocate an asymmetric key structure. * - * \param rsa pointer to the RSA struct to free + * \param key Pointer to the key structure to free. * - * This must be called for any key obtained by get_rsa_key(). + * This must be called for any key obtained by get_asymmetric_key(). */ -void rsa_free(RSA *rsa) +void free_asymmetric_key(struct asymmetric_key *key) { - if (rsa) - RSA_free(rsa); + if (!key) + return; + RSA_free(key->rsa); + free(key); } /** - * decrypt a buffer using an RSA key + * Decrypt a buffer using a private key. * - * \param key_file full path of the rsa key - * \param outbuf the output buffer - * \param inbuf the encrypted input buffer - * \param rsa_inlen the length of \a inbuf + * \param key_file Full path of the key. + * \param outbuf The output buffer. + * \param inbuf The encrypted input buffer. + * \param inlen The length of \a inbuf in bytes. * * The \a outbuf must be large enough to hold at least \a rsa_inlen bytes. * @@ -135,45 +167,88 @@ void rsa_free(RSA *rsa) * * \sa RSA_private_decrypt(3) **/ -int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf, - unsigned rsa_inlen) +int priv_decrypt(const char *key_file, unsigned char *outbuf, + unsigned char *inbuf, int inlen) { - RSA *rsa; - int ret, inlen = rsa_inlen; + struct asymmetric_key *priv; + int ret; if (inlen < 0) return -E_RSA; - ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY); + ret = get_asymmetric_key(key_file, LOAD_PRIVATE_KEY, &priv); if (ret < 0) return ret; - ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING); - rsa_free(rsa); - return (ret > 0)? ret : -E_DECRYPT; + /* + * RSA is vulnerable to timing attacks. Generate a random blinding + * factor to protect against this kind of attack. + */ + ret = -E_BLINDING; + if (RSA_blinding_on(priv->rsa, NULL) == 0) + goto out; + ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa, + RSA_PKCS1_OAEP_PADDING); + RSA_blinding_off(priv->rsa); + if (ret <= 0) + ret = -E_DECRYPT; +out: + free_asymmetric_key(priv); + return ret; } /** - * encrypt a buffer using an RSA key + * Encrypt a buffer using an RSA key * - * \param rsa: public rsa key - * \param inbuf the input buffer - * \param len the length of \a inbuf - * \param outbuf the output buffer + * \param pub: The public key. + * \param inbuf The input buffer. + * \param len The length of \a inbuf. + * \param outbuf The output buffer. * - * \return The size of the encrypted data on success, negative on errors + * \return The size of the encrypted data on success, negative on errors. * * \sa RSA_public_encrypt(3) */ -int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf, +int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, unsigned len, unsigned char *outbuf) { int ret, flen = len; /* RSA_public_encrypt expects a signed int */ if (flen < 0) return -E_ENCRYPT; - ret = RSA_public_encrypt(flen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING); + ret = RSA_public_encrypt(flen, inbuf, outbuf, pub->rsa, + RSA_PKCS1_OAEP_PADDING); return ret < 0? -E_ENCRYPT : ret; } +#define RC4_ALIGN 8 +struct stream_cipher { + RC4_KEY key; +}; + +/** + * Allocate and initialize a stream cipher structure. + * + * \param data The key. + * \param len The size of the key. + * + * \return A new stream cipher structure. + */ +struct stream_cipher *stream_cipher_new(const unsigned char *data, int len) +{ + struct stream_cipher *sc = para_malloc(sizeof(*sc)); + RC4_set_key(&sc->key, len, data); + return sc; +} + +/** + * Deallocate a stream cipher structure. + * + * \param sc A stream cipher previously obtained by stream_cipher_new(). + */ +void stream_cipher_free(struct stream_cipher *sc) +{ + free(sc); +} + /** * Encrypt and send a buffer. * @@ -189,10 +264,16 @@ int rc4_send_bin_buffer(struct rc4_context *rc4c, const char *buf, size_t len) { int ret; unsigned char *tmp; + static unsigned char remainder[RC4_ALIGN]; + size_t l1 = ROUND_DOWN(len, RC4_ALIGN), l2 = ROUND_UP(len, RC4_ALIGN); assert(len); - tmp = para_malloc(len); - RC4(&rc4c->send_key, len, (const unsigned char *)buf, tmp); + tmp = para_malloc(l2); + RC4(&rc4c->send->key, l1, (const unsigned char *)buf, tmp); + if (len > l1) { + memcpy(remainder, buf + l1, len - l1); + RC4(&rc4c->send->key, len - l1, remainder, tmp + l1); + } ret = write_all(rc4c->fd, (char *)tmp, &len); free(tmp); return ret; @@ -248,7 +329,7 @@ int rc4_recv_bin_buffer(struct rc4_context *rc4c, char *buf, size_t size) ssize_t ret = recv(rc4c->fd, tmp, size, 0); if (ret > 0) - RC4(&rc4c->recv_key, ret, tmp, (unsigned char *)buf); + RC4(&rc4c->recv->key, ret, tmp, (unsigned char *)buf); else if (ret < 0) ret = -ERRNO_TO_PARA_ERROR(errno); free(tmp);