/release/src/router/tinc/src/gcrypt/rsa.c

https://gitlab.com/envieidoc/advancedtomato2 · C · 302 lines · 216 code · 60 blank · 26 comment · 56 complexity · d3bcdc21cc4330045057c3d7b568a24a MD5 · raw file 

    

  1. /*
    2. 

  2.     rsa.c -- RSA key handling
    3. 

  3.     Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
    4. 

    5. 

  5.     This program is free software; you can redistribute it and/or modify
    6. 

  6.     it under the terms of the GNU General Public License as published by
    7. 

  7.     the Free Software Foundation; either version 2 of the License, or
    8. 

  8.     (at your option) any later version.
    9. 

    10. 

  10.     This program is distributed in the hope that it will be useful,
    11. 

  11.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.     GNU General Public License for more details.
    14. 

    15. 

  15.     You should have received a copy of the GNU General Public License along
    16. 

  16.     with this program; if not, write to the Free Software Foundation, Inc.,
    17. 

  17.     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    18. 

  18. */
    19. 

  19. 

  20. #include "system.h"
    21. 

  21. 

  22. #include <gcrypt.h>
    23. 

  23. 

  24. #include "logger.h"
    25. 

  25. #include "rsa.h"
    26. 

  26. 

  27. // Base64 decoding table
    28. 

  28. 

  29. static const uint8_t b64d[128] = {
    30. 

  30.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    31. 

  31.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    32. 

  32.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    33. 

  33.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    34. 

  34.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    35. 

  35.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    36. 

  36.   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    37. 

  37.   0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
    38. 

  38.   0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
    39. 

  39.   0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
    40. 

  40.   0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
    41. 

  41.   0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    42. 

  42.   0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
    43. 

  43.   0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
    44. 

  44.   0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
    45. 

  45.   0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
    46. 

  46.   0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
    47. 

  47.   0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
    48. 

  48.   0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
    49. 

  49.   0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
    50. 

  50.   0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
    51. 

  51.   0xff, 0xff
    52. 

  52. };
    53. 

  53. 

  54. // PEM encoding/decoding functions
    55. 

  55. 

  56. static bool pem_decode(FILE *fp, const char *header, uint8_t *buf, size_t size, size_t *outsize) {
    57. 

  57. 	bool decode = false;
    58. 

  58. 	char line[1024];
    59. 

  59. 	uint16_t word = 0;
    60. 

  60. 	int shift = 10;
    61. 

  61. 	size_t i, j = 0;
    62. 

  62. 

  63. 	while(!feof(fp)) {
    64. 

  64. 		if(!fgets(line, sizeof line, fp))
    65. 

  65. 			return false;
    66. 

  66. 

  67. 		if(!decode && !strncmp(line, "-----BEGIN ", 11)) {
    68. 

  68. 			if(!strncmp(line + 11, header, strlen(header)))
    69. 

  69. 				decode = true;
    70. 

  70. 			continue;
    71. 

  71. 		}
    72. 

  72. 

  73. 		if(decode && !strncmp(line, "-----END", 8)) {
    74. 

  74. 			break;
    75. 

  75. 		}
    76. 

  76. 

  77. 		if(!decode)
    78. 

  78. 			continue;
    79. 

  79. 

  80. 		for(i = 0; line[i] >= ' '; i++) {
    81. 

  81. 			if((signed char)line[i] < 0 || b64d[(int)line[i]] == 0xff)
    82. 

  82. 				break;
    83. 

  83. 			word |= b64d[(int)line[i]] << shift;
    84. 

  84. 			shift -= 6;
    85. 

  85. 			if(shift <= 2) {
    86. 

  86. 				if(j > size) {
    87. 

  87. 					errno = ENOMEM;
    88. 

  88. 					return false;
    89. 

  89. 				}
    90. 

  90. 

  91. 				buf[j++] = word >> 8;
    92. 

  92. 				word <<= 8;
    93. 

  93. 				shift += 8;
    94. 

  94. 			}
    95. 

  95. 		}
    96. 

  96. 	}
    97. 

  97. 

  98. 	if(outsize)
    99. 

  99. 		*outsize = j;
    100. 

  100. 	return true;
    101. 

  101. }
    102. 

  102. 

  103. 

  104. // BER decoding functions
    105. 

  105. 

  106. static int ber_read_id(unsigned char **p, size_t *buflen) {
    107. 

  107. 	if(*buflen <= 0)
    108. 

  108. 		return -1;
    109. 

  109. 

  110. 	if((**p & 0x1f) == 0x1f) {
    111. 

  111. 		int id = 0;
    112. 

  112. 		bool more;
    113. 

  113. 		while(*buflen > 0) {
    114. 

  114. 			id <<= 7;
    115. 

  115. 			id |= **p & 0x7f;
    116. 

  116. 			more = *(*p)++ & 0x80;
    117. 

  117. 			(*buflen)--;
    118. 

  118. 			if(!more)
    119. 

  119. 				break;
    120. 

  120. 		}
    121. 

  121. 		return id;
    122. 

  122. 	} else {
    123. 

  123. 		(*buflen)--;
    124. 

  124. 		return *(*p)++ & 0x1f;
    125. 

  125. 	}
    126. 

  126. }
    127. 

  127. 

  128. static size_t ber_read_len(unsigned char **p, size_t *buflen) {
    129. 

  129. 	if(*buflen <= 0)
    130. 

  130. 		return -1;
    131. 

  131. 

  132. 	if(**p & 0x80) {
    133. 

  133. 		size_t result = 0;
    134. 

  134. 		int len = *(*p)++ & 0x7f;
    135. 

  135. 		(*buflen)--;
    136. 

  136. 		if(len > *buflen)
    137. 

  137. 			return 0;
    138. 

  138. 

  139. 		while(len--) {
    140. 

  140. 			result <<= 8;
    141. 

  141. 			result |= *(*p)++;
    142. 

  142. 			(*buflen)--;
    143. 

  143. 		}
    144. 

  144. 

  145. 		return result;
    146. 

  146. 	} else {
    147. 

  147. 		(*buflen)--;
    148. 

  148. 		return *(*p)++;
    149. 

  149. 	}
    150. 

  150. }
    151. 

  151. 

  152. 

  153. static bool ber_read_sequence(unsigned char **p, size_t *buflen, size_t *result) {
    154. 

  154. 	int tag = ber_read_id(p, buflen);
    155. 

  155. 	size_t len = ber_read_len(p, buflen);
    156. 

  156. 

  157. 	if(tag == 0x10) {
    158. 

  158. 		if(result)
    159. 

  159. 			*result = len;
    160. 

  160. 		return true;
    161. 

  161. 	} else {
    162. 

  162. 		return false;
    163. 

  163. 	}
    164. 

  164. }
    165. 

  165. 

  166. static bool ber_read_mpi(unsigned char **p, size_t *buflen, gcry_mpi_t *mpi) {
    167. 

  167. 	int tag = ber_read_id(p, buflen);
    168. 

  168. 	size_t len = ber_read_len(p, buflen);
    169. 

  169. 	gcry_error_t err = 0;
    170. 

  170. 

  171. 	if(tag != 0x02 || len > *buflen)
    172. 

  172. 		return false;
    173. 

  173. 

  174. 	if(mpi)
    175. 

  175. 		err = gcry_mpi_scan(mpi, GCRYMPI_FMT_USG, *p, len, NULL);
    176. 

  176. 

  177. 	*p += len;
    178. 

  178. 	*buflen -= len;
    179. 

  179. 

  180. 	return mpi ? !err : true;
    181. 

  181. }
    182. 

  182. 

  183. bool rsa_set_hex_public_key(rsa_t *rsa, char *n, char *e) {
    184. 

  184. 	gcry_error_t err = 0;
    185. 

  185. 

  186. 	err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
    187. 

  187. 		?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, e, 0, NULL);
    188. 

  188. 

  189. 	if(err) {
    190. 

  190. 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading RSA public key: %s", gcry_strerror(errno));
    191. 

  191. 		return false;
    192. 

  192. 	}
    193. 

  193. 

  194. 	return true;
    195. 

  195. }
    196. 

  196. 

  197. bool rsa_set_hex_private_key(rsa_t *rsa, char *n, char *e, char *d) {
    198. 

  198. 	gcry_error_t err = 0;
    199. 

  199. 

  200. 	err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
    201. 

  201. 		?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, e, 0, NULL)
    202. 

  202. 		?: gcry_mpi_scan(&rsa->d, GCRYMPI_FMT_HEX, d, 0, NULL);
    203. 

  203. 

  204. 	if(err) {
    205. 

  205. 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading RSA public key: %s", gcry_strerror(errno));
    206. 

  206. 		return false;
    207. 

  207. 	}
    208. 

  208. 

  209. 	return true;
    210. 

  210. }
    211. 

  211. 

  212. // Read PEM RSA keys
    213. 

  213. 

  214. bool rsa_read_pem_public_key(rsa_t *rsa, FILE *fp) {
    215. 

  215. 	uint8_t derbuf[8096], *derp = derbuf;
    216. 

  216. 	size_t derlen;
    217. 

  217. 

  218. 	if(!pem_decode(fp, "RSA PUBLIC KEY", derbuf, sizeof derbuf, &derlen)) {
    219. 

  219. 		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read RSA public key: %s", strerror(errno));
    220. 

  220. 		return NULL;
    221. 

  221. 	}
    222. 

  222. 

  223. 	if(!ber_read_sequence(&derp, &derlen, NULL)
    224. 

  224. 			|| !ber_read_mpi(&derp, &derlen, &rsa->n)
    225. 

  225. 			|| !ber_read_mpi(&derp, &derlen, &rsa->e)
    226. 

  226. 			|| derlen) {
    227. 

  227. 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while decoding RSA public key");
    228. 

  228. 		return NULL;
    229. 

  229. 	}
    230. 

  230. 

  231. 	return true;
    232. 

  232. }
    233. 

  233. 

  234. bool rsa_read_pem_private_key(rsa_t *rsa, FILE *fp) {
    235. 

  235. 	uint8_t derbuf[8096], *derp = derbuf;
    236. 

  236. 	size_t derlen;
    237. 

  237. 

  238. 	if(!pem_decode(fp, "RSA PRIVATE KEY", derbuf, sizeof derbuf, &derlen)) {
    239. 

  239. 		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read RSA private key: %s", strerror(errno));
    240. 

  240. 		return NULL;
    241. 

  241. 	}
    242. 

  242. 

  243. 	if(!ber_read_sequence(&derp, &derlen, NULL)
    244. 

  244. 			|| !ber_read_mpi(&derp, &derlen, NULL)
    245. 

  245. 			|| !ber_read_mpi(&derp, &derlen, &rsa->n)
    246. 

  246. 			|| !ber_read_mpi(&derp, &derlen, &rsa->e)
    247. 

  247. 			|| !ber_read_mpi(&derp, &derlen, &rsa->d)
    248. 

  248. 			|| !ber_read_mpi(&derp, &derlen, NULL) // p
    249. 

  249. 			|| !ber_read_mpi(&derp, &derlen, NULL) // q
    250. 

  250. 			|| !ber_read_mpi(&derp, &derlen, NULL)
    251. 

  251. 			|| !ber_read_mpi(&derp, &derlen, NULL)
    252. 

  252. 			|| !ber_read_mpi(&derp, &derlen, NULL) // u
    253. 

  253. 			|| derlen) {
    254. 

  254. 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while decoding RSA private key");
    255. 

  255. 		return NULL;
    256. 

  256. 	}
    257. 

  257. 

  258. 	return true;
    259. 

  259. }
    260. 

  260. 

  261. size_t rsa_size(rsa_t *rsa) {
    262. 

  262. 	return (gcry_mpi_get_nbits(rsa->n) + 7) / 8;
    263. 

  263. }
    264. 

  264. 

  265. /* Well, libgcrypt has functions to handle RSA keys, but they suck.
    266. 

  266.  * So we just use libgcrypt's mpi functions, and do the math ourselves.
    267. 

  267.  */
    268. 

  268. 

  269. // TODO: get rid of this macro, properly clean up gcry_ structures after use
    270. 

  270. #define check(foo) { gcry_error_t err = (foo); if(err) {logger(DEBUG_ALWAYS, LOG_ERR, "gcrypt error %s/%s at %s:%d", gcry_strsource(err), gcry_strerror(err), __FILE__, __LINE__); return false; }}
    271. 

  271. 

  272. bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) {
    273. 

  273. 	gcry_mpi_t inmpi;
    274. 

  274. 	check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
    275. 

  275. 

  276. 	gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
    277. 

  277. 	gcry_mpi_powm(outmpi, inmpi, rsa->e, rsa->n);
    278. 

  278. 

  279. 	int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8;
    280. 

  280. 	while(pad--)
    281. 

  281. 		*(char *)out++ = 0;
    282. 

  282. 

  283. 	check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));
    284. 

  284. 

  285. 	return true;
    286. 

  286. }
    287. 

  287. 

  288. bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) {
    289. 

  289. 	gcry_mpi_t inmpi;
    290. 

  290. 	check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
    291. 

  291. 

  292. 	gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
    293. 

  293. 	gcry_mpi_powm(outmpi, inmpi, rsa->d, rsa->n);
    294. 

  294. 

  295. 	int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8;
    296. 

  296. 	while(pad--)
    297. 

  297. 		*(char *)out++ = 0;
    298. 

  298. 

  299. 	check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));
    300. 

  300. 

  301. 	return true;
    302. 

  302. }
    303.