/src/FreeRDP/libfreerdp/crypto/crypto.c
Line | Count | Source |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Cryptographic Abstraction Layer |
4 | | * |
5 | | * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
6 | | * Copyright 2023 Armin Novak <anovak@thincast.com> |
7 | | * Copyright 2023 Thincast Technologies GmbH |
8 | | * |
9 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
10 | | * you may not use this file except in compliance with the License. |
11 | | * You may obtain a copy of the License at |
12 | | * |
13 | | * http://www.apache.org/licenses/LICENSE-2.0 |
14 | | * |
15 | | * Unless required by applicable law or agreed to in writing, software |
16 | | * distributed under the License is distributed on an "AS IS" BASIS, |
17 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
18 | | * See the License for the specific language governing permissions and |
19 | | * limitations under the License. |
20 | | */ |
21 | | |
22 | | #include <errno.h> |
23 | | |
24 | | #include <openssl/objects.h> |
25 | | #include <openssl/bn.h> |
26 | | |
27 | | #include <freerdp/config.h> |
28 | | |
29 | | #include <winpr/crt.h> |
30 | | #include <winpr/assert.h> |
31 | | |
32 | | #include <freerdp/log.h> |
33 | | #include <freerdp/crypto/crypto.h> |
34 | | |
35 | | #include "crypto.h" |
36 | | #include "privatekey.h" |
37 | | |
38 | | #define TAG FREERDP_TAG("crypto") |
39 | | |
40 | | static SSIZE_T crypto_rsa_common(const BYTE* input, size_t length, UINT32 key_length, |
41 | | const BYTE* modulus, const BYTE* exponent, size_t exponent_size, |
42 | | BYTE* output, size_t out_length) |
43 | 0 | { |
44 | 0 | BN_CTX* ctx = nullptr; |
45 | 0 | int output_length = -1; |
46 | 0 | BYTE* input_reverse = nullptr; |
47 | 0 | BYTE* modulus_reverse = nullptr; |
48 | 0 | BYTE* exponent_reverse = nullptr; |
49 | 0 | BIGNUM* mod = nullptr; |
50 | 0 | BIGNUM* exp = nullptr; |
51 | 0 | BIGNUM* x = nullptr; |
52 | 0 | BIGNUM* y = nullptr; |
53 | 0 | size_t bufferSize = 0; |
54 | |
|
55 | 0 | if (!input || !modulus || !exponent || !output) |
56 | 0 | return -1; |
57 | | |
58 | 0 | if (exponent_size > INT_MAX / 2) |
59 | 0 | return -1; |
60 | | |
61 | 0 | if (key_length >= INT_MAX / 2 - exponent_size) |
62 | 0 | return -1; |
63 | | |
64 | 0 | bufferSize = 2ULL * key_length + exponent_size; |
65 | 0 | if (length > bufferSize) |
66 | 0 | bufferSize = length; |
67 | |
|
68 | 0 | input_reverse = (BYTE*)calloc(bufferSize, 1); |
69 | |
|
70 | 0 | if (!input_reverse) |
71 | 0 | return -1; |
72 | | |
73 | 0 | modulus_reverse = input_reverse + key_length; |
74 | 0 | exponent_reverse = modulus_reverse + key_length; |
75 | 0 | memmove(modulus_reverse, modulus, key_length); |
76 | 0 | crypto_reverse(modulus_reverse, key_length); |
77 | 0 | memmove(exponent_reverse, exponent, exponent_size); |
78 | 0 | crypto_reverse(exponent_reverse, exponent_size); |
79 | 0 | memmove(input_reverse, input, length); |
80 | 0 | crypto_reverse(input_reverse, length); |
81 | |
|
82 | 0 | if (!(ctx = BN_CTX_new())) |
83 | 0 | goto fail; |
84 | | |
85 | 0 | if (!(mod = BN_new())) |
86 | 0 | goto fail; |
87 | | |
88 | 0 | if (!(exp = BN_new())) |
89 | 0 | goto fail; |
90 | | |
91 | 0 | if (!(x = BN_new())) |
92 | 0 | goto fail; |
93 | | |
94 | 0 | if (!(y = BN_new())) |
95 | 0 | goto fail; |
96 | | |
97 | 0 | if (!BN_bin2bn(modulus_reverse, (int)key_length, mod)) |
98 | 0 | goto fail; |
99 | | |
100 | 0 | if (!BN_bin2bn(exponent_reverse, (int)exponent_size, exp)) |
101 | 0 | goto fail; |
102 | 0 | if (!BN_bin2bn(input_reverse, (int)length, x)) |
103 | 0 | goto fail; |
104 | 0 | if (BN_mod_exp(y, x, exp, mod, ctx) != 1) |
105 | 0 | goto fail; |
106 | 0 | { |
107 | 0 | const int len = BN_num_bytes(y); |
108 | 0 | if ((len < 0) || (WINPR_ASSERTING_INT_CAST(size_t, len) > out_length)) |
109 | 0 | goto fail; |
110 | 0 | output_length = BN_bn2bin(y, output); |
111 | 0 | } |
112 | 0 | if (output_length < 0) |
113 | 0 | goto fail; |
114 | 0 | crypto_reverse(output, WINPR_ASSERTING_INT_CAST(size_t, output_length)); |
115 | |
|
116 | 0 | if ((size_t)output_length < key_length) |
117 | 0 | { |
118 | 0 | size_t diff = key_length - WINPR_ASSERTING_INT_CAST(size_t, output_length); |
119 | 0 | if ((size_t)output_length + diff > out_length) |
120 | 0 | diff = out_length - (size_t)output_length; |
121 | 0 | memset(output + output_length, 0, diff); |
122 | 0 | } |
123 | |
|
124 | 0 | fail: |
125 | 0 | BN_free(y); |
126 | 0 | BN_clear_free(x); |
127 | 0 | BN_free(exp); |
128 | 0 | BN_free(mod); |
129 | 0 | BN_CTX_free(ctx); |
130 | 0 | free(input_reverse); |
131 | 0 | return output_length; |
132 | 0 | } |
133 | | |
134 | | static SSIZE_T crypto_rsa_public(const BYTE* input, size_t length, const rdpCertInfo* cert, |
135 | | BYTE* output, size_t output_length) |
136 | 0 | { |
137 | 0 | WINPR_ASSERT(cert); |
138 | 0 | return crypto_rsa_common(input, length, cert->ModulusLength, cert->Modulus, cert->exponent, |
139 | 0 | sizeof(cert->exponent), output, output_length); |
140 | 0 | } |
141 | | |
142 | | static SSIZE_T crypto_rsa_private(const BYTE* input, size_t length, const rdpPrivateKey* key, |
143 | | BYTE* output, size_t output_length) |
144 | 0 | { |
145 | 0 | WINPR_ASSERT(key); |
146 | 0 | const rdpCertInfo* info = freerdp_key_get_info(key); |
147 | 0 | WINPR_ASSERT(info); |
148 | |
|
149 | 0 | size_t PrivateExponentLength = 0; |
150 | 0 | const BYTE* PrivateExponent = freerdp_key_get_exponent(key, &PrivateExponentLength); |
151 | 0 | return crypto_rsa_common(input, length, info->ModulusLength, info->Modulus, PrivateExponent, |
152 | 0 | PrivateExponentLength, output, output_length); |
153 | 0 | } |
154 | | |
155 | | SSIZE_T crypto_rsa_public_encrypt(const BYTE* input, size_t length, const rdpCertInfo* cert, |
156 | | BYTE* output, size_t output_length) |
157 | 0 | { |
158 | 0 | return crypto_rsa_public(input, length, cert, output, output_length); |
159 | 0 | } |
160 | | |
161 | | SSIZE_T crypto_rsa_public_decrypt(const BYTE* input, size_t length, const rdpCertInfo* cert, |
162 | | BYTE* output, size_t output_length) |
163 | 0 | { |
164 | 0 | return crypto_rsa_public(input, length, cert, output, output_length); |
165 | 0 | } |
166 | | |
167 | | SSIZE_T crypto_rsa_private_encrypt(const BYTE* input, size_t length, const rdpPrivateKey* key, |
168 | | BYTE* output, size_t output_length) |
169 | 0 | { |
170 | 0 | return crypto_rsa_private(input, length, key, output, output_length); |
171 | 0 | } |
172 | | |
173 | | SSIZE_T crypto_rsa_private_decrypt(const BYTE* input, size_t length, const rdpPrivateKey* key, |
174 | | BYTE* output, size_t output_length) |
175 | 0 | { |
176 | 0 | return crypto_rsa_private(input, length, key, output, output_length); |
177 | 0 | } |
178 | | |
179 | | void crypto_reverse(BYTE* data, size_t length) |
180 | 46 | { |
181 | 46 | if (length < 1) |
182 | 0 | return; |
183 | | |
184 | 1.51k | for (size_t i = 0, j = length - 1; i < j; i++, j--) |
185 | 1.47k | { |
186 | 1.47k | const BYTE temp = data[i]; |
187 | 1.47k | data[i] = data[j]; |
188 | 1.47k | data[j] = temp; |
189 | 1.47k | } |
190 | 46 | } |
191 | | |
192 | | char* crypto_read_pem(const char* WINPR_RESTRICT filename, size_t* WINPR_RESTRICT plength) |
193 | 0 | { |
194 | 0 | char* pem = nullptr; |
195 | 0 | FILE* fp = nullptr; |
196 | |
|
197 | 0 | WINPR_ASSERT(filename); |
198 | |
|
199 | 0 | if (plength) |
200 | 0 | *plength = 0; |
201 | |
|
202 | 0 | fp = winpr_fopen(filename, "r"); |
203 | 0 | if (!fp) |
204 | 0 | goto fail; |
205 | | |
206 | 0 | { |
207 | 0 | const int rs = _fseeki64(fp, 0, SEEK_END); |
208 | 0 | if (rs < 0) |
209 | 0 | goto fail; |
210 | 0 | } |
211 | | |
212 | 0 | { |
213 | 0 | const int64_t size = _ftelli64(fp); |
214 | 0 | if (size < 0) |
215 | 0 | goto fail; |
216 | | |
217 | 0 | { |
218 | 0 | const int rc = _fseeki64(fp, 0, SEEK_SET); |
219 | 0 | if (rc < 0) |
220 | 0 | goto fail; |
221 | 0 | } |
222 | | |
223 | 0 | pem = calloc(WINPR_ASSERTING_INT_CAST(size_t, size) + 1, sizeof(char)); |
224 | 0 | if (!pem) |
225 | 0 | goto fail; |
226 | | |
227 | 0 | { |
228 | 0 | const size_t fr = fread(pem, (size_t)size, 1, fp); |
229 | 0 | if (fr != 1) |
230 | 0 | goto fail; |
231 | 0 | } |
232 | | |
233 | 0 | if (plength) |
234 | 0 | *plength = strnlen(pem, WINPR_ASSERTING_INT_CAST(size_t, size)); |
235 | 0 | } |
236 | 0 | (void)fclose(fp); |
237 | 0 | return pem; |
238 | | |
239 | 0 | fail: |
240 | 0 | { |
241 | 0 | char buffer[8192] = WINPR_C_ARRAY_INIT; |
242 | 0 | WLog_WARN(TAG, "Failed to read PEM from file '%s' [%s]", filename, |
243 | 0 | winpr_strerror(errno, buffer, sizeof(buffer))); |
244 | 0 | } |
245 | 0 | if (fp) |
246 | 0 | (void)fclose(fp); |
247 | 0 | free(pem); |
248 | 0 | return nullptr; |
249 | 0 | } |
250 | | |
251 | | BOOL crypto_write_pem(const char* WINPR_RESTRICT filename, const char* WINPR_RESTRICT pem, |
252 | | size_t length) |
253 | 0 | { |
254 | 0 | WINPR_ASSERT(filename); |
255 | 0 | WINPR_ASSERT(pem || (length == 0)); |
256 | |
|
257 | 0 | WINPR_ASSERT(filename); |
258 | 0 | WINPR_ASSERT(pem); |
259 | |
|
260 | 0 | const size_t size = strnlen(pem, length) + 1; |
261 | 0 | size_t rc = 0; |
262 | 0 | FILE* fp = winpr_fopen(filename, "w"); |
263 | 0 | if (!fp) |
264 | 0 | goto fail; |
265 | 0 | rc = fwrite(pem, 1, size, fp); |
266 | 0 | (void)fclose(fp); |
267 | 0 | fail: |
268 | 0 | if (rc == 0) |
269 | 0 | { |
270 | 0 | char buffer[8192] = WINPR_C_ARRAY_INIT; |
271 | 0 | WLog_WARN(TAG, "Failed to write PEM [%" PRIuz "] to file '%s' [%s]", length, filename, |
272 | 0 | winpr_strerror(errno, buffer, sizeof(buffer))); |
273 | 0 | } |
274 | 0 | return rc == size; |
275 | 0 | } |