/src/FreeRDP/libfreerdp/crypto/crypto.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Cryptographic Abstraction Layer |
4 | | * |
5 | | * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
6 | | * Copyright 2023 Armin Novak <anovak@thincast.com> |
7 | | * Copyright 2023 Thincast Technologies GmbH |
8 | | * |
9 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
10 | | * you may not use this file except in compliance with the License. |
11 | | * You may obtain a copy of the License at |
12 | | * |
13 | | * http://www.apache.org/licenses/LICENSE-2.0 |
14 | | * |
15 | | * Unless required by applicable law or agreed to in writing, software |
16 | | * distributed under the License is distributed on an "AS IS" BASIS, |
17 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
18 | | * See the License for the specific language governing permissions and |
19 | | * limitations under the License. |
20 | | */ |
21 | | |
22 | | #include <errno.h> |
23 | | |
24 | | #include <openssl/objects.h> |
25 | | #include <openssl/bn.h> |
26 | | |
27 | | #include <freerdp/config.h> |
28 | | |
29 | | #include <winpr/crt.h> |
30 | | #include <winpr/assert.h> |
31 | | |
32 | | #include <freerdp/log.h> |
33 | | #include <freerdp/crypto/crypto.h> |
34 | | |
35 | | #include "crypto.h" |
36 | | #include "privatekey.h" |
37 | | |
38 | | #define TAG FREERDP_TAG("crypto") |
39 | | |
40 | | static SSIZE_T crypto_rsa_common(const BYTE* input, size_t length, UINT32 key_length, |
41 | | const BYTE* modulus, const BYTE* exponent, size_t exponent_size, |
42 | | BYTE* output, size_t out_length) |
43 | 0 | { |
44 | 0 | BN_CTX* ctx = NULL; |
45 | 0 | int output_length = -1; |
46 | 0 | BYTE* input_reverse = NULL; |
47 | 0 | BYTE* modulus_reverse = NULL; |
48 | 0 | BYTE* exponent_reverse = NULL; |
49 | 0 | BIGNUM* mod = NULL; |
50 | 0 | BIGNUM* exp = NULL; |
51 | 0 | BIGNUM* x = NULL; |
52 | 0 | BIGNUM* y = NULL; |
53 | 0 | size_t bufferSize = 0; |
54 | |
|
55 | 0 | if (!input || !modulus || !exponent || !output) |
56 | 0 | return -1; |
57 | | |
58 | 0 | if (exponent_size > INT_MAX / 2) |
59 | 0 | return -1; |
60 | | |
61 | 0 | if (key_length >= INT_MAX / 2 - exponent_size) |
62 | 0 | return -1; |
63 | | |
64 | 0 | bufferSize = 2ULL * key_length + exponent_size; |
65 | 0 | if (length > bufferSize) |
66 | 0 | bufferSize = length; |
67 | |
|
68 | 0 | input_reverse = (BYTE*)calloc(bufferSize, 1); |
69 | |
|
70 | 0 | if (!input_reverse) |
71 | 0 | return -1; |
72 | | |
73 | 0 | modulus_reverse = input_reverse + key_length; |
74 | 0 | exponent_reverse = modulus_reverse + key_length; |
75 | 0 | memcpy(modulus_reverse, modulus, key_length); |
76 | 0 | crypto_reverse(modulus_reverse, key_length); |
77 | 0 | memcpy(exponent_reverse, exponent, exponent_size); |
78 | 0 | crypto_reverse(exponent_reverse, exponent_size); |
79 | 0 | memcpy(input_reverse, input, length); |
80 | 0 | crypto_reverse(input_reverse, length); |
81 | |
|
82 | 0 | if (!(ctx = BN_CTX_new())) |
83 | 0 | goto fail; |
84 | | |
85 | 0 | if (!(mod = BN_new())) |
86 | 0 | goto fail; |
87 | | |
88 | 0 | if (!(exp = BN_new())) |
89 | 0 | goto fail; |
90 | | |
91 | 0 | if (!(x = BN_new())) |
92 | 0 | goto fail; |
93 | | |
94 | 0 | if (!(y = BN_new())) |
95 | 0 | goto fail; |
96 | | |
97 | 0 | if (!BN_bin2bn(modulus_reverse, (int)key_length, mod)) |
98 | 0 | goto fail; |
99 | | |
100 | 0 | if (!BN_bin2bn(exponent_reverse, (int)exponent_size, exp)) |
101 | 0 | goto fail; |
102 | 0 | if (!BN_bin2bn(input_reverse, (int)length, x)) |
103 | 0 | goto fail; |
104 | 0 | if (BN_mod_exp(y, x, exp, mod, ctx) != 1) |
105 | 0 | goto fail; |
106 | 0 | output_length = BN_bn2bin(y, output); |
107 | 0 | if (output_length < 0) |
108 | 0 | goto fail; |
109 | 0 | if (WINPR_ASSERTING_INT_CAST(size_t, output_length) > out_length) |
110 | 0 | goto fail; |
111 | 0 | crypto_reverse(output, WINPR_ASSERTING_INT_CAST(size_t, output_length)); |
112 | | |
113 | 0 | if ((size_t)output_length < key_length) |
114 | 0 | { |
115 | 0 | size_t diff = key_length - WINPR_ASSERTING_INT_CAST(size_t, output_length); |
116 | 0 | if ((size_t)output_length + diff > out_length) |
117 | 0 | diff = out_length - (size_t)output_length; |
118 | 0 | memset(output + output_length, 0, diff); |
119 | 0 | } |
120 | | |
121 | 0 | fail: |
122 | 0 | BN_free(y); |
123 | 0 | BN_clear_free(x); |
124 | 0 | BN_free(exp); |
125 | 0 | BN_free(mod); |
126 | 0 | BN_CTX_free(ctx); |
127 | 0 | free(input_reverse); |
128 | 0 | return output_length; |
129 | 0 | } |
130 | | |
131 | | static SSIZE_T crypto_rsa_public(const BYTE* input, size_t length, const rdpCertInfo* cert, |
132 | | BYTE* output, size_t output_length) |
133 | 0 | { |
134 | 0 | WINPR_ASSERT(cert); |
135 | 0 | return crypto_rsa_common(input, length, cert->ModulusLength, cert->Modulus, cert->exponent, |
136 | 0 | sizeof(cert->exponent), output, output_length); |
137 | 0 | } |
138 | | |
139 | | static SSIZE_T crypto_rsa_private(const BYTE* input, size_t length, const rdpPrivateKey* key, |
140 | | BYTE* output, size_t output_length) |
141 | 0 | { |
142 | 0 | WINPR_ASSERT(key); |
143 | 0 | const rdpCertInfo* info = freerdp_key_get_info(key); |
144 | 0 | WINPR_ASSERT(info); |
145 | | |
146 | 0 | size_t PrivateExponentLength = 0; |
147 | 0 | const BYTE* PrivateExponent = freerdp_key_get_exponent(key, &PrivateExponentLength); |
148 | 0 | return crypto_rsa_common(input, length, info->ModulusLength, info->Modulus, PrivateExponent, |
149 | 0 | PrivateExponentLength, output, output_length); |
150 | 0 | } |
151 | | |
152 | | SSIZE_T crypto_rsa_public_encrypt(const BYTE* input, size_t length, const rdpCertInfo* cert, |
153 | | BYTE* output, size_t output_length) |
154 | 0 | { |
155 | 0 | return crypto_rsa_public(input, length, cert, output, output_length); |
156 | 0 | } |
157 | | |
158 | | SSIZE_T crypto_rsa_public_decrypt(const BYTE* input, size_t length, const rdpCertInfo* cert, |
159 | | BYTE* output, size_t output_length) |
160 | 0 | { |
161 | 0 | return crypto_rsa_public(input, length, cert, output, output_length); |
162 | 0 | } |
163 | | |
164 | | SSIZE_T crypto_rsa_private_encrypt(const BYTE* input, size_t length, const rdpPrivateKey* key, |
165 | | BYTE* output, size_t output_length) |
166 | 0 | { |
167 | 0 | return crypto_rsa_private(input, length, key, output, output_length); |
168 | 0 | } |
169 | | |
170 | | SSIZE_T crypto_rsa_private_decrypt(const BYTE* input, size_t length, const rdpPrivateKey* key, |
171 | | BYTE* output, size_t output_length) |
172 | 0 | { |
173 | 0 | return crypto_rsa_private(input, length, key, output, output_length); |
174 | 0 | } |
175 | | |
176 | | void crypto_reverse(BYTE* data, size_t length) |
177 | 0 | { |
178 | 0 | if (length < 1) |
179 | 0 | return; |
180 | | |
181 | 0 | for (size_t i = 0, j = length - 1; i < j; i++, j--) |
182 | 0 | { |
183 | 0 | const BYTE temp = data[i]; |
184 | 0 | data[i] = data[j]; |
185 | 0 | data[j] = temp; |
186 | 0 | } |
187 | 0 | } |
188 | | |
189 | | char* crypto_read_pem(const char* WINPR_RESTRICT filename, size_t* WINPR_RESTRICT plength) |
190 | 0 | { |
191 | 0 | char* pem = NULL; |
192 | 0 | FILE* fp = NULL; |
193 | |
|
194 | 0 | WINPR_ASSERT(filename); |
195 | | |
196 | 0 | if (plength) |
197 | 0 | *plength = 0; |
198 | |
|
199 | 0 | fp = winpr_fopen(filename, "r"); |
200 | 0 | if (!fp) |
201 | 0 | goto fail; |
202 | 0 | const int rs = _fseeki64(fp, 0, SEEK_END); |
203 | 0 | if (rs < 0) |
204 | 0 | goto fail; |
205 | 0 | const int64_t size = _ftelli64(fp); |
206 | 0 | if (size < 0) |
207 | 0 | goto fail; |
208 | 0 | const int rc = _fseeki64(fp, 0, SEEK_SET); |
209 | 0 | if (rc < 0) |
210 | 0 | goto fail; |
211 | | |
212 | 0 | pem = calloc(WINPR_ASSERTING_INT_CAST(size_t, size) + 1, sizeof(char)); |
213 | 0 | if (!pem) |
214 | 0 | goto fail; |
215 | | |
216 | 0 | const size_t fr = fread(pem, (size_t)size, 1, fp); |
217 | 0 | if (fr != 1) |
218 | 0 | goto fail; |
219 | | |
220 | 0 | if (plength) |
221 | 0 | *plength = strnlen(pem, WINPR_ASSERTING_INT_CAST(size_t, size)); |
222 | 0 | (void)fclose(fp); |
223 | 0 | return pem; |
224 | | |
225 | 0 | fail: |
226 | 0 | { |
227 | 0 | char buffer[8192] = { 0 }; |
228 | 0 | WLog_WARN(TAG, "Failed to read PEM from file '%s' [%s]", filename, |
229 | 0 | winpr_strerror(errno, buffer, sizeof(buffer))); |
230 | 0 | } |
231 | 0 | if (fp) |
232 | 0 | (void)fclose(fp); |
233 | 0 | free(pem); |
234 | 0 | return NULL; |
235 | 0 | } |
236 | | |
237 | | BOOL crypto_write_pem(const char* WINPR_RESTRICT filename, const char* WINPR_RESTRICT pem, |
238 | | size_t length) |
239 | 0 | { |
240 | 0 | WINPR_ASSERT(filename); |
241 | 0 | WINPR_ASSERT(pem || (length == 0)); |
242 | | |
243 | 0 | WINPR_ASSERT(filename); |
244 | 0 | WINPR_ASSERT(pem); |
245 | | |
246 | 0 | const size_t size = strnlen(pem, length) + 1; |
247 | 0 | size_t rc = 0; |
248 | 0 | FILE* fp = winpr_fopen(filename, "w"); |
249 | 0 | if (!fp) |
250 | 0 | goto fail; |
251 | 0 | rc = fwrite(pem, 1, size, fp); |
252 | 0 | (void)fclose(fp); |
253 | 0 | fail: |
254 | 0 | if (rc == 0) |
255 | 0 | { |
256 | 0 | char buffer[8192] = { 0 }; |
257 | 0 | WLog_WARN(TAG, "Failed to write PEM [%" PRIuz "] to file '%s' [%s]", length, filename, |
258 | 0 | winpr_strerror(errno, buffer, sizeof(buffer))); |
259 | 0 | } |
260 | 0 | return rc == size; |
261 | 0 | } |