2011-07-06 07:18:00 +04:00
|
|
|
/**
|
2012-02-21 09:56:55 +04:00
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
2011-07-06 07:18:00 +04:00
|
|
|
* Cryptographic Abstraction Layer
|
|
|
|
*
|
2012-02-21 09:56:55 +04:00
|
|
|
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2023-02-09 10:48:11 +03:00
|
|
|
* Copyright 2023 Armin Novak <anovak@thincast.com>
|
|
|
|
* Copyright 2023 Thincast Technologies GmbH
|
2011-07-06 07:18:00 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
2011-08-29 00:46:36 +04:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2011-07-06 07:18:00 +04:00
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2023-02-03 16:11:25 +03:00
|
|
|
#include <errno.h>
|
|
|
|
|
2022-11-21 13:06:57 +03:00
|
|
|
#include <openssl/objects.h>
|
2023-12-08 07:48:36 +03:00
|
|
|
#include <openssl/bn.h>
|
2022-11-21 13:06:57 +03:00
|
|
|
|
2022-02-16 13:20:38 +03:00
|
|
|
#include <freerdp/config.h>
|
2012-08-15 01:09:01 +04:00
|
|
|
|
2012-11-22 04:22:41 +04:00
|
|
|
#include <winpr/crt.h>
|
2022-11-21 13:06:57 +03:00
|
|
|
#include <winpr/assert.h>
|
2012-11-22 04:22:41 +04:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#include <freerdp/log.h>
|
2012-02-17 09:58:30 +04:00
|
|
|
#include <freerdp/crypto/crypto.h>
|
2011-07-06 07:18:00 +04:00
|
|
|
|
2023-01-30 12:50:04 +03:00
|
|
|
#include "crypto.h"
|
2023-02-03 13:40:35 +03:00
|
|
|
#include "privatekey.h"
|
2023-01-30 12:50:04 +03:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#define TAG FREERDP_TAG("crypto")
|
|
|
|
|
2021-04-15 16:53:16 +03:00
|
|
|
static SSIZE_T crypto_rsa_common(const BYTE* input, size_t length, UINT32 key_length,
|
|
|
|
const BYTE* modulus, const BYTE* exponent, size_t exponent_size,
|
2023-01-28 14:42:54 +03:00
|
|
|
BYTE* output, size_t out_length)
|
2011-07-13 18:21:12 +04:00
|
|
|
{
|
2020-05-19 08:41:14 +03:00
|
|
|
BN_CTX* ctx = NULL;
|
2014-03-26 02:13:08 +04:00
|
|
|
int output_length = -1;
|
2020-05-19 08:41:14 +03:00
|
|
|
BYTE* input_reverse = NULL;
|
|
|
|
BYTE* modulus_reverse = NULL;
|
|
|
|
BYTE* exponent_reverse = NULL;
|
|
|
|
BIGNUM* mod = NULL;
|
|
|
|
BIGNUM* exp = NULL;
|
|
|
|
BIGNUM* x = NULL;
|
|
|
|
BIGNUM* y = NULL;
|
2023-01-28 14:42:54 +03:00
|
|
|
size_t bufferSize = 0;
|
2020-05-19 08:41:14 +03:00
|
|
|
|
2021-04-15 16:53:16 +03:00
|
|
|
if (!input || !modulus || !exponent || !output)
|
2020-05-19 08:41:14 +03:00
|
|
|
return -1;
|
|
|
|
|
2024-08-29 12:11:11 +03:00
|
|
|
if (exponent_size > INT_MAX / 2)
|
2020-06-15 09:57:21 +03:00
|
|
|
return -1;
|
|
|
|
|
2023-01-28 14:42:54 +03:00
|
|
|
if (key_length >= INT_MAX / 2 - exponent_size)
|
2020-06-15 09:57:21 +03:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
bufferSize = 2ULL * key_length + exponent_size;
|
2024-08-29 12:11:11 +03:00
|
|
|
if (length > bufferSize)
|
|
|
|
bufferSize = length;
|
2020-05-19 08:41:14 +03:00
|
|
|
|
|
|
|
input_reverse = (BYTE*)calloc(bufferSize, 1);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!input_reverse)
|
|
|
|
return -1;
|
2016-11-21 19:28:54 +03:00
|
|
|
|
2012-01-19 07:40:29 +04:00
|
|
|
modulus_reverse = input_reverse + key_length;
|
|
|
|
exponent_reverse = modulus_reverse + key_length;
|
2011-07-15 09:11:09 +04:00
|
|
|
memcpy(modulus_reverse, modulus, key_length);
|
|
|
|
crypto_reverse(modulus_reverse, key_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
memcpy(exponent_reverse, exponent, exponent_size);
|
|
|
|
crypto_reverse(exponent_reverse, exponent_size);
|
2011-07-15 09:11:09 +04:00
|
|
|
memcpy(input_reverse, input, length);
|
|
|
|
crypto_reverse(input_reverse, length);
|
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(ctx = BN_CTX_new()))
|
2023-01-28 14:42:54 +03:00
|
|
|
goto fail;
|
2016-11-21 19:28:54 +03:00
|
|
|
|
|
|
|
if (!(mod = BN_new()))
|
2023-01-28 14:42:54 +03:00
|
|
|
goto fail;
|
2016-11-21 19:28:54 +03:00
|
|
|
|
|
|
|
if (!(exp = BN_new()))
|
2023-01-28 14:42:54 +03:00
|
|
|
goto fail;
|
2011-07-13 18:21:12 +04:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(x = BN_new()))
|
2023-01-28 14:42:54 +03:00
|
|
|
goto fail;
|
2011-07-15 09:11:09 +04:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(y = BN_new()))
|
2023-01-28 14:42:54 +03:00
|
|
|
goto fail;
|
2016-11-21 19:28:54 +03:00
|
|
|
|
2024-09-25 06:35:51 +03:00
|
|
|
if (!BN_bin2bn(modulus_reverse, (int)key_length, mod))
|
2020-05-19 08:41:14 +03:00
|
|
|
goto fail;
|
|
|
|
|
2024-09-25 06:35:51 +03:00
|
|
|
if (!BN_bin2bn(exponent_reverse, (int)exponent_size, exp))
|
2020-05-19 08:41:14 +03:00
|
|
|
goto fail;
|
2024-09-25 06:35:51 +03:00
|
|
|
if (!BN_bin2bn(input_reverse, (int)length, x))
|
2020-05-19 08:41:14 +03:00
|
|
|
goto fail;
|
|
|
|
if (BN_mod_exp(y, x, exp, mod, ctx) != 1)
|
|
|
|
goto fail;
|
2016-11-21 19:28:54 +03:00
|
|
|
output_length = BN_bn2bin(y, output);
|
2020-05-19 08:41:14 +03:00
|
|
|
if (output_length < 0)
|
|
|
|
goto fail;
|
2023-01-28 14:42:54 +03:00
|
|
|
if ((size_t)output_length > out_length)
|
|
|
|
goto fail;
|
2011-07-15 09:11:09 +04:00
|
|
|
crypto_reverse(output, output_length);
|
|
|
|
|
2023-01-28 14:42:54 +03:00
|
|
|
if ((size_t)output_length < key_length)
|
|
|
|
{
|
|
|
|
size_t diff = key_length - output_length;
|
|
|
|
if ((size_t)output_length + diff > out_length)
|
|
|
|
diff = out_length - (size_t)output_length;
|
|
|
|
memset(output + output_length, 0, diff);
|
|
|
|
}
|
2011-07-13 18:21:12 +04:00
|
|
|
|
2020-05-19 08:41:14 +03:00
|
|
|
fail:
|
2016-11-21 19:28:54 +03:00
|
|
|
BN_free(y);
|
|
|
|
BN_clear_free(x);
|
|
|
|
BN_free(exp);
|
|
|
|
BN_free(mod);
|
2011-07-13 18:21:12 +04:00
|
|
|
BN_CTX_free(ctx);
|
2012-10-09 07:21:26 +04:00
|
|
|
free(input_reverse);
|
2013-08-08 02:28:31 +04:00
|
|
|
return output_length;
|
2011-07-15 09:11:09 +04:00
|
|
|
}
|
|
|
|
|
2023-01-28 14:42:54 +03:00
|
|
|
static SSIZE_T crypto_rsa_public(const BYTE* input, size_t length, const rdpCertInfo* cert,
|
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
WINPR_ASSERT(cert);
|
|
|
|
return crypto_rsa_common(input, length, cert->ModulusLength, cert->Modulus, cert->exponent,
|
|
|
|
sizeof(cert->exponent), output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2023-02-03 17:15:18 +03:00
|
|
|
static SSIZE_T crypto_rsa_private(const BYTE* input, size_t length, const rdpPrivateKey* key,
|
2023-01-28 14:42:54 +03:00
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
WINPR_ASSERT(key);
|
2023-02-03 13:40:35 +03:00
|
|
|
const rdpCertInfo* info = freerdp_key_get_info(key);
|
|
|
|
WINPR_ASSERT(info);
|
|
|
|
|
|
|
|
size_t PrivateExponentLength = 0;
|
|
|
|
const BYTE* PrivateExponent = freerdp_key_get_exponent(key, &PrivateExponentLength);
|
|
|
|
return crypto_rsa_common(input, length, info->ModulusLength, info->Modulus, PrivateExponent,
|
|
|
|
PrivateExponentLength, output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2023-01-28 14:42:54 +03:00
|
|
|
SSIZE_T crypto_rsa_public_encrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
|
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
return crypto_rsa_public(input, length, cert, output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2023-01-28 14:42:54 +03:00
|
|
|
SSIZE_T crypto_rsa_public_decrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
|
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
return crypto_rsa_public(input, length, cert, output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2023-02-03 17:15:18 +03:00
|
|
|
SSIZE_T crypto_rsa_private_encrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
|
2023-01-28 14:42:54 +03:00
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
return crypto_rsa_private(input, length, key, output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2023-02-03 17:15:18 +03:00
|
|
|
SSIZE_T crypto_rsa_private_decrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
|
2023-01-28 14:42:54 +03:00
|
|
|
BYTE* output, size_t output_length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2023-01-28 14:42:54 +03:00
|
|
|
return crypto_rsa_private(input, length, key, output, output_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2021-04-15 16:53:16 +03:00
|
|
|
void crypto_reverse(BYTE* data, size_t length)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2021-04-15 16:53:16 +03:00
|
|
|
if (length < 1)
|
|
|
|
return;
|
2011-07-15 09:11:09 +04:00
|
|
|
|
2024-01-30 12:25:38 +03:00
|
|
|
for (size_t i = 0, j = length - 1; i < j; i++, j--)
|
2011-07-15 09:11:09 +04:00
|
|
|
{
|
2021-04-15 16:53:16 +03:00
|
|
|
const BYTE temp = data[i];
|
2011-07-15 09:11:09 +04:00
|
|
|
data[i] = data[j];
|
|
|
|
data[j] = temp;
|
|
|
|
}
|
2011-07-13 18:21:12 +04:00
|
|
|
}
|
2023-02-03 16:11:25 +03:00
|
|
|
|
2024-06-07 11:04:10 +03:00
|
|
|
char* crypto_read_pem(const char* WINPR_RESTRICT filename, size_t* WINPR_RESTRICT plength)
|
2023-02-03 16:11:25 +03:00
|
|
|
{
|
|
|
|
char* pem = NULL;
|
|
|
|
FILE* fp = NULL;
|
|
|
|
|
|
|
|
WINPR_ASSERT(filename);
|
|
|
|
|
|
|
|
if (plength)
|
|
|
|
*plength = 0;
|
|
|
|
|
|
|
|
fp = winpr_fopen(filename, "r");
|
|
|
|
if (!fp)
|
|
|
|
goto fail;
|
|
|
|
const int rs = _fseeki64(fp, 0, SEEK_END);
|
|
|
|
if (rs < 0)
|
|
|
|
goto fail;
|
|
|
|
const SSIZE_T size = _ftelli64(fp);
|
|
|
|
if (size < 0)
|
|
|
|
goto fail;
|
|
|
|
const int rc = _fseeki64(fp, 0, SEEK_SET);
|
|
|
|
if (rc < 0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
pem = calloc(size + 1, sizeof(char));
|
|
|
|
if (!pem)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
const size_t fr = fread(pem, (size_t)size, 1, fp);
|
|
|
|
if (fr != 1)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if (plength)
|
2024-08-29 12:11:11 +03:00
|
|
|
*plength = strnlen(pem, size);
|
2024-08-26 16:39:33 +03:00
|
|
|
(void)fclose(fp);
|
2023-02-03 16:11:25 +03:00
|
|
|
return pem;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
{
|
|
|
|
char buffer[8192] = { 0 };
|
|
|
|
WLog_WARN(TAG, "Failed to read PEM from file '%s' [%s]", filename,
|
|
|
|
winpr_strerror(errno, buffer, sizeof(buffer)));
|
|
|
|
}
|
2023-04-27 10:23:51 +03:00
|
|
|
if (fp)
|
2024-08-26 16:39:33 +03:00
|
|
|
(void)fclose(fp);
|
2023-02-03 16:11:25 +03:00
|
|
|
free(pem);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2024-06-07 11:04:10 +03:00
|
|
|
BOOL crypto_write_pem(const char* WINPR_RESTRICT filename, const char* WINPR_RESTRICT pem,
|
|
|
|
size_t length)
|
2023-02-03 16:11:25 +03:00
|
|
|
{
|
|
|
|
WINPR_ASSERT(filename);
|
|
|
|
WINPR_ASSERT(pem || (length == 0));
|
|
|
|
|
|
|
|
WINPR_ASSERT(filename);
|
|
|
|
WINPR_ASSERT(pem);
|
|
|
|
|
2023-02-08 16:32:24 +03:00
|
|
|
const size_t size = strnlen(pem, length) + 1;
|
|
|
|
size_t rc = 0;
|
2023-02-03 16:11:25 +03:00
|
|
|
FILE* fp = winpr_fopen(filename, "w");
|
|
|
|
if (!fp)
|
|
|
|
goto fail;
|
|
|
|
rc = fwrite(pem, 1, size, fp);
|
2024-08-26 16:39:33 +03:00
|
|
|
(void)fclose(fp);
|
2023-02-03 16:11:25 +03:00
|
|
|
fail:
|
|
|
|
if (rc == 0)
|
|
|
|
{
|
|
|
|
char buffer[8192] = { 0 };
|
|
|
|
WLog_WARN(TAG, "Failed to write PEM [%" PRIuz "] to file '%s' [%s]", length, filename,
|
|
|
|
winpr_strerror(errno, buffer, sizeof(buffer)));
|
|
|
|
}
|
|
|
|
return rc == size;
|
|
|
|
}
|