Coverage Report

Created: 2026-07-16 07:09

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/FreeRDP/libfreerdp/crypto/crypto.c
Line
Count
Source
1
/**
2
 * FreeRDP: A Remote Desktop Protocol Implementation
3
 * Cryptographic Abstraction Layer
4
 *
5
 * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6
 * Copyright 2023 Armin Novak <anovak@thincast.com>
7
 * Copyright 2023 Thincast Technologies GmbH
8
 *
9
 * Licensed under the Apache License, Version 2.0 (the "License");
10
 * you may not use this file except in compliance with the License.
11
 * You may obtain a copy of the License at
12
 *
13
 *   http://www.apache.org/licenses/LICENSE-2.0
14
 *
15
 * Unless required by applicable law or agreed to in writing, software
16
 * distributed under the License is distributed on an "AS IS" BASIS,
17
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
 * See the License for the specific language governing permissions and
19
 * limitations under the License.
20
 */
21
22
#include <errno.h>
23
24
#include <openssl/objects.h>
25
#include <openssl/bn.h>
26
27
#include <freerdp/config.h>
28
29
#include <winpr/crt.h>
30
#include <winpr/assert.h>
31
32
#include <freerdp/log.h>
33
#include <freerdp/crypto/crypto.h>
34
35
#include "crypto.h"
36
#include "privatekey.h"
37
38
#define TAG FREERDP_TAG("crypto")
39
40
static SSIZE_T crypto_rsa_common(const BYTE* input, size_t length, UINT32 key_length,
41
                                 const BYTE* modulus, const BYTE* exponent, size_t exponent_size,
42
                                 BYTE* output, size_t out_length)
43
0
{
44
0
  BN_CTX* ctx = nullptr;
45
0
  int output_length = -1;
46
0
  BYTE* input_reverse = nullptr;
47
0
  BYTE* modulus_reverse = nullptr;
48
0
  BYTE* exponent_reverse = nullptr;
49
0
  BIGNUM* mod = nullptr;
50
0
  BIGNUM* exp = nullptr;
51
0
  BIGNUM* x = nullptr;
52
0
  BIGNUM* y = nullptr;
53
0
  size_t bufferSize = 0;
54
55
0
  if (!input || !modulus || !exponent || !output)
56
0
    return -1;
57
58
0
  if (exponent_size > INT_MAX / 2)
59
0
    return -1;
60
61
0
  if (key_length >= INT_MAX / 2 - exponent_size)
62
0
    return -1;
63
64
0
  bufferSize = 2ULL * key_length + exponent_size;
65
0
  if (length > bufferSize)
66
0
    bufferSize = length;
67
68
0
  input_reverse = (BYTE*)calloc(bufferSize, 1);
69
70
0
  if (!input_reverse)
71
0
    return -1;
72
73
0
  modulus_reverse = input_reverse + key_length;
74
0
  exponent_reverse = modulus_reverse + key_length;
75
0
  memmove(modulus_reverse, modulus, key_length);
76
0
  crypto_reverse(modulus_reverse, key_length);
77
0
  memmove(exponent_reverse, exponent, exponent_size);
78
0
  crypto_reverse(exponent_reverse, exponent_size);
79
0
  memmove(input_reverse, input, length);
80
0
  crypto_reverse(input_reverse, length);
81
82
0
  if (!(ctx = BN_CTX_new()))
83
0
    goto fail;
84
85
0
  if (!(mod = BN_new()))
86
0
    goto fail;
87
88
0
  if (!(exp = BN_new()))
89
0
    goto fail;
90
91
0
  if (!(x = BN_new()))
92
0
    goto fail;
93
94
0
  if (!(y = BN_new()))
95
0
    goto fail;
96
97
0
  if (!BN_bin2bn(modulus_reverse, (int)key_length, mod))
98
0
    goto fail;
99
100
0
  if (!BN_bin2bn(exponent_reverse, (int)exponent_size, exp))
101
0
    goto fail;
102
0
  if (!BN_bin2bn(input_reverse, (int)length, x))
103
0
    goto fail;
104
0
  if (BN_mod_exp(y, x, exp, mod, ctx) != 1)
105
0
    goto fail;
106
0
  {
107
0
    const int len = BN_num_bytes(y);
108
0
    if ((len < 0) || (WINPR_ASSERTING_INT_CAST(size_t, len) > out_length))
109
0
      goto fail;
110
0
    output_length = BN_bn2bin(y, output);
111
0
  }
112
0
  if (output_length < 0)
113
0
    goto fail;
114
0
  crypto_reverse(output, WINPR_ASSERTING_INT_CAST(size_t, output_length));
115
116
0
  if ((size_t)output_length < key_length)
117
0
  {
118
0
    size_t diff = key_length - WINPR_ASSERTING_INT_CAST(size_t, output_length);
119
0
    if ((size_t)output_length + diff > out_length)
120
0
      diff = out_length - (size_t)output_length;
121
0
    memset(output + output_length, 0, diff);
122
0
  }
123
124
0
fail:
125
0
  BN_free(y);
126
0
  BN_clear_free(x);
127
0
  BN_free(exp);
128
0
  BN_free(mod);
129
0
  BN_CTX_free(ctx);
130
0
  free(input_reverse);
131
0
  return output_length;
132
0
}
133
134
static SSIZE_T crypto_rsa_public(const BYTE* input, size_t length, const rdpCertInfo* cert,
135
                                 BYTE* output, size_t output_length)
136
0
{
137
0
  WINPR_ASSERT(cert);
138
0
  return crypto_rsa_common(input, length, cert->ModulusLength, cert->Modulus, cert->exponent,
139
0
                           sizeof(cert->exponent), output, output_length);
140
0
}
141
142
static SSIZE_T crypto_rsa_private(const BYTE* input, size_t length, const rdpPrivateKey* key,
143
                                  BYTE* output, size_t output_length)
144
0
{
145
0
  WINPR_ASSERT(key);
146
0
  const rdpCertInfo* info = freerdp_key_get_info(key);
147
0
  WINPR_ASSERT(info);
148
149
0
  size_t PrivateExponentLength = 0;
150
0
  const BYTE* PrivateExponent = freerdp_key_get_exponent(key, &PrivateExponentLength);
151
0
  return crypto_rsa_common(input, length, info->ModulusLength, info->Modulus, PrivateExponent,
152
0
                           PrivateExponentLength, output, output_length);
153
0
}
154
155
SSIZE_T crypto_rsa_public_encrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
156
                                  BYTE* output, size_t output_length)
157
0
{
158
0
  return crypto_rsa_public(input, length, cert, output, output_length);
159
0
}
160
161
SSIZE_T crypto_rsa_public_decrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
162
                                  BYTE* output, size_t output_length)
163
0
{
164
0
  return crypto_rsa_public(input, length, cert, output, output_length);
165
0
}
166
167
SSIZE_T crypto_rsa_private_encrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
168
                                   BYTE* output, size_t output_length)
169
0
{
170
0
  return crypto_rsa_private(input, length, key, output, output_length);
171
0
}
172
173
SSIZE_T crypto_rsa_private_decrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
174
                                   BYTE* output, size_t output_length)
175
0
{
176
0
  return crypto_rsa_private(input, length, key, output, output_length);
177
0
}
178
179
void crypto_reverse(BYTE* data, size_t length)
180
0
{
181
0
  if (length < 1)
182
0
    return;
183
184
0
  for (size_t i = 0, j = length - 1; i < j; i++, j--)
185
0
  {
186
0
    const BYTE temp = data[i];
187
0
    data[i] = data[j];
188
0
    data[j] = temp;
189
0
  }
190
0
}
191
192
char* crypto_read_pem(const char* WINPR_RESTRICT filename, size_t* WINPR_RESTRICT plength)
193
0
{
194
0
  char* pem = nullptr;
195
0
  FILE* fp = nullptr;
196
197
0
  WINPR_ASSERT(filename);
198
199
0
  if (plength)
200
0
    *plength = 0;
201
202
0
  fp = winpr_fopen(filename, "r");
203
0
  if (!fp)
204
0
    goto fail;
205
206
0
  {
207
0
    const int rs = _fseeki64(fp, 0, SEEK_END);
208
0
    if (rs < 0)
209
0
      goto fail;
210
0
  }
211
212
0
  {
213
0
    const int64_t size = _ftelli64(fp);
214
0
    if (size < 0)
215
0
      goto fail;
216
217
0
    {
218
0
      const int rc = _fseeki64(fp, 0, SEEK_SET);
219
0
      if (rc < 0)
220
0
        goto fail;
221
0
    }
222
223
0
    pem = calloc(WINPR_ASSERTING_INT_CAST(size_t, size) + 1, sizeof(char));
224
0
    if (!pem)
225
0
      goto fail;
226
227
0
    {
228
0
      const size_t fr = fread(pem, (size_t)size, 1, fp);
229
0
      if (fr != 1)
230
0
        goto fail;
231
0
    }
232
233
0
    if (plength)
234
0
      *plength = strnlen(pem, WINPR_ASSERTING_INT_CAST(size_t, size));
235
0
  }
236
0
  (void)fclose(fp);
237
0
  return pem;
238
239
0
fail:
240
0
{
241
0
  char buffer[8192] = WINPR_C_ARRAY_INIT;
242
0
  WLog_WARN(TAG, "Failed to read PEM from file '%s' [%s]", filename,
243
0
            winpr_strerror(errno, buffer, sizeof(buffer)));
244
0
}
245
0
  if (fp)
246
0
    (void)fclose(fp);
247
0
  free(pem);
248
0
  return nullptr;
249
0
}
250
251
BOOL crypto_write_pem(const char* WINPR_RESTRICT filename, const char* WINPR_RESTRICT pem,
252
                      size_t length)
253
0
{
254
0
  WINPR_ASSERT(filename);
255
0
  WINPR_ASSERT(pem || (length == 0));
256
257
0
  WINPR_ASSERT(filename);
258
0
  WINPR_ASSERT(pem);
259
260
0
  const size_t size = strnlen(pem, length) + 1;
261
0
  size_t rc = 0;
262
0
  FILE* fp = winpr_fopen(filename, "w");
263
0
  if (!fp)
264
0
    goto fail;
265
0
  rc = fwrite(pem, 1, size, fp);
266
0
  (void)fclose(fp);
267
0
fail:
268
0
  if (rc == 0)
269
0
  {
270
0
    char buffer[8192] = WINPR_C_ARRAY_INIT;
271
0
    WLog_WARN(TAG, "Failed to write PEM [%" PRIuz "] to file '%s' [%s]", length, filename,
272
0
              winpr_strerror(errno, buffer, sizeof(buffer)));
273
0
  }
274
0
  return rc == size;
275
0
}