libfreerdp/crypto/crypto.c
22#include <errno.h>
23
24#include <openssl/objects.h>
25#include <openssl/bn.h>
26
27#include <freerdp/config.h>
28
29#include <winpr/crt.h>
30#include <winpr/assert.h>
31
32#include <freerdp/log.h>
33#include <freerdp/crypto/crypto.h>
34
35#include "crypto.h"
36#include "privatekey.h"
37
38#define TAG FREERDP_TAG("crypto")
39
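/**
 * Raw RSA modular exponentiation shared by the public/private helpers:
 * output = input ^ exponent (mod modulus). No padding scheme is applied.
 *
 * The operands arrive in the byte order used by the callers; each is copied
 * into scratch memory and byte-reversed with crypto_reverse() before being
 * handed to OpenSSL, and the result is reversed back in place in @p output.
 *
 * @param input          operand bytes
 * @param length         size of @p input in bytes (at most INT_MAX)
 * @param key_length     size of @p modulus in bytes
 * @param modulus        RSA modulus
 * @param exponent       RSA exponent (public or private)
 * @param exponent_size  size of @p exponent in bytes
 * @param output         destination buffer
 * @param out_length     capacity of @p output in bytes
 * @return number of significant result bytes written to @p output, or -1 on a
 *         NULL argument, an over-sized operand, allocation failure or any
 *         OpenSSL failure. When the result is shorter than @p key_length the
 *         bytes after it are zero-filled up to key_length (clamped to
 *         out_length); that padding is not included in the returned count.
 */
static SSIZE_T crypto_rsa_common(const BYTE* input, size_t length, UINT32 key_length,
                                 const BYTE* modulus, const BYTE* exponent, size_t exponent_size,
                                 BYTE* output, size_t out_length)
{
	BN_CTX* ctx = nullptr;
	int output_length = -1;
	BYTE* scratch = nullptr;
	BYTE* input_reverse = nullptr;
	BYTE* modulus_reverse = nullptr;
	BYTE* exponent_reverse = nullptr;
	BIGNUM* mod = nullptr;
	BIGNUM* exp = nullptr;
	BIGNUM* x = nullptr;
	BIGNUM* y = nullptr;
	size_t bufferSize = 0;

	if (!input || !modulus || !exponent || !output)
		return -1;

	/* BN_bin2bn() takes int lengths: bound every operand so the casts below
	 * cannot overflow, and so the scratch size computed from them cannot
	 * overflow size_t either (key_length + exponent_size < INT_MAX / 2). */
	if (exponent_size > INT_MAX / 2)
		return -1;

	if (key_length >= INT_MAX / 2 - exponent_size)
		return -1;

	if (length > INT_MAX)
		return -1;

	/* Three disjoint regions in one allocation: [modulus][exponent][input].
	 * The input region is sized by `length` rather than key_length, so an
	 * input longer than the modulus can never overwrite the modulus or
	 * exponent copies. */
	bufferSize = (size_t)key_length + exponent_size + length;
	scratch = (BYTE*)calloc(bufferSize, 1);
	if (!scratch)
		return -1;

	modulus_reverse = scratch;
	exponent_reverse = modulus_reverse + key_length;
	input_reverse = exponent_reverse + exponent_size;

	memcpy(modulus_reverse, modulus, key_length);
	crypto_reverse(modulus_reverse, key_length);
	memcpy(exponent_reverse, exponent, exponent_size);
	crypto_reverse(exponent_reverse, exponent_size);
	memcpy(input_reverse, input, length);
	crypto_reverse(input_reverse, length);

	if (!(ctx = BN_CTX_new()))
		goto fail;
	if (!(mod = BN_new()))
		goto fail;
	if (!(exp = BN_new()))
		goto fail;
	if (!(x = BN_new()))
		goto fail;
	if (!(y = BN_new()))
		goto fail;

	if (!BN_bin2bn(modulus_reverse, (int)key_length, mod))
		goto fail;
	if (!BN_bin2bn(exponent_reverse, (int)exponent_size, exp))
		goto fail;
	if (!BN_bin2bn(input_reverse, (int)length, x))
		goto fail;

	if (BN_mod_exp(y, x, exp, mod, ctx) != 1)
		goto fail;

	{
		/* BN_bn2bin() writes exactly BN_num_bytes(y) bytes and has no bound of
		 * its own, so the capacity check has to happen here. */
		const int len = BN_num_bytes(y);
		if ((len < 0) || (WINPR_ASSERTING_INT_CAST(size_t, len) > out_length))
			goto fail;
		output_length = BN_bn2bin(y, output);
	}
	if (output_length < 0)
		goto fail;

	crypto_reverse(output, WINPR_ASSERTING_INT_CAST(size_t, output_length));

	/* A result with leading zero bytes comes back shorter than the modulus;
	 * zero-fill the tail so the buffer still holds a key_length-sized value.
	 * The returned count stays the number of significant bytes. */
	if ((size_t)output_length < key_length)
	{
		size_t diff = key_length - WINPR_ASSERTING_INT_CAST(size_t, output_length);
		if ((size_t)output_length + diff > out_length)
			diff = out_length - (size_t)output_length;
		memset(output + output_length, 0, diff);
	}

fail:
	/* x and y may hold plaintext or a value derived from it, and exp is the
	 * private exponent on the private-key path: wipe them, not merely free. */
	BN_clear_free(y);
	BN_clear_free(x);
	BN_clear_free(exp);
	BN_free(mod);
	BN_CTX_free(ctx);
	/* NOTE(review): `scratch` still holds the reversed exponent and input; an
	 * explicit, non-elidable zeroization before free() would be preferable. */
	free(scratch);
	return output_length;
}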
133
/* Public-key RSA: run the common modular exponentiation with the
 * certificate's modulus and its fixed-size public exponent. */
static SSIZE_T crypto_rsa_public(const BYTE* input, size_t length, const rdpCertInfo* cert,
                                 BYTE* output, size_t output_length)
{
	WINPR_ASSERT(cert);

	const BYTE* modulus = cert->Modulus;
	const BYTE* exponent = cert->exponent;
	const size_t exponent_size = sizeof(cert->exponent);

	return crypto_rsa_common(input, length, cert->ModulusLength, modulus, exponent, exponent_size,
	                         output, output_length);
}
141
/* Private-key RSA: fetch the key's certificate info (modulus) and its private
 * exponent, then run the common modular exponentiation with them. */
static SSIZE_T crypto_rsa_private(const BYTE* input, size_t length, const rdpPrivateKey* key,
                                  BYTE* output, size_t output_length)
{
	WINPR_ASSERT(key);

	const rdpCertInfo* info = freerdp_key_get_info(key);
	WINPR_ASSERT(info);

	size_t exponent_size = 0;
	const BYTE* exponent = freerdp_key_get_exponent(key, &exponent_size);

	return crypto_rsa_common(input, length, info->ModulusLength, info->Modulus, exponent,
	                         exponent_size, output, output_length);
}
154
/**
 * RSA "encrypt" with a certificate's public key. This is raw modular
 * exponentiation without padding, i.e. the same operation as
 * crypto_rsa_public_decrypt(); the two names only document intent.
 * @return see crypto_rsa_common(): significant bytes written to @p output, or -1.
 */
SSIZE_T crypto_rsa_public_encrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
                                  BYTE* output, size_t output_length)
{
	const SSIZE_T written = crypto_rsa_public(input, length, cert, output, output_length);
	return written;
}
160
/**
 * RSA "decrypt" with a certificate's public key. Raw modular exponentiation
 * without padding, identical to crypto_rsa_public_encrypt(); the name only
 * documents intent.
 * @return see crypto_rsa_common(): significant bytes written to @p output, or -1.
 */
SSIZE_T crypto_rsa_public_decrypt(const BYTE* input, size_t length, const rdpCertInfo* cert,
                                  BYTE* output, size_t output_length)
{
	const SSIZE_T written = crypto_rsa_public(input, length, cert, output, output_length);
	return written;
}
166
/**
 * RSA "encrypt" with a private key. Raw modular exponentiation without
 * padding, identical to crypto_rsa_private_decrypt(); the name only
 * documents intent.
 * @return see crypto_rsa_common(): significant bytes written to @p output, or -1.
 */
SSIZE_T crypto_rsa_private_encrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
                                   BYTE* output, size_t output_length)
{
	const SSIZE_T written = crypto_rsa_private(input, length, key, output, output_length);
	return written;
}
172
/**
 * RSA "decrypt" with a private key. Raw modular exponentiation without
 * padding, identical to crypto_rsa_private_encrypt(); the name only
 * documents intent.
 * @return see crypto_rsa_common(): significant bytes written to @p output, or -1.
 */
SSIZE_T crypto_rsa_private_decrypt(const BYTE* input, size_t length, const rdpPrivateKey* key,
                                   BYTE* output, size_t output_length)
{
	const SSIZE_T written = crypto_rsa_private(input, length, key, output, output_length);
	return written;
}
178
/**
 * Reverse the byte order of @p data in place.
 *
 * @param data   buffer to reverse; not touched when @p length is 0
 * @param length number of bytes in @p data
 */
void crypto_reverse(BYTE* data, size_t length)
{
	if (length < 1)
		return;

	BYTE* lo = data;
	BYTE* hi = data + length - 1;

	/* Swap from both ends towards the middle; the middle byte (odd length)
	 * stays where it is. */
	while (lo < hi)
	{
		const BYTE tmp = *lo;
		*lo++ = *hi;
		*hi-- = tmp;
	}
}
191
/**
 * Read a whole PEM file into a freshly allocated, NUL-terminated buffer.
 *
 * @param filename path of the file to read (must not be NULL)
 * @param plength  optional; receives strnlen() of the contents, 0 on failure
 * @return heap buffer the caller must free(), or NULL on any error. A warning
 *         carrying strerror(errno) is logged on failure; for failures that do
 *         not set errno (e.g. a short read) the reported errno may be stale.
 */
char* crypto_read_pem(const char* WINPR_RESTRICT filename, size_t* WINPR_RESTRICT plength)
{
	char* contents = nullptr;
	FILE* fp = nullptr;
	int64_t size = 0;

	WINPR_ASSERT(filename);

	if (plength)
		*plength = 0;

	/* NOTE(review): opened in text mode ("r"); on platforms that translate
	 * line endings the byte count from _ftelli64() could exceed what fread()
	 * delivers — verify winpr_fopen() semantics before relying on this. */
	fp = winpr_fopen(filename, "r");
	if (!fp)
		goto fail;

	/* Size the file by seeking to the end, reading the offset and seeking back. */
	if (_fseeki64(fp, 0, SEEK_END) < 0)
		goto fail;

	size = _ftelli64(fp);
	if (size < 0)
		goto fail;

	if (_fseeki64(fp, 0, SEEK_SET) < 0)
		goto fail;

	/* One extra zero-filled byte guarantees NUL termination. */
	contents = calloc(WINPR_ASSERTING_INT_CAST(size_t, size) + 1, sizeof(char));
	if (!contents)
		goto fail;

	/* Read the whole file as a single item: anything short of it is a failure. */
	if (fread(contents, (size_t)size, 1, fp) != 1)
		goto fail;

	if (plength)
		*plength = strnlen(contents, WINPR_ASSERTING_INT_CAST(size_t, size));

	(void)fclose(fp);
	return contents;

fail:
{
	char buffer[8192] = WINPR_C_ARRAY_INIT;
	WLog_WARN(TAG, "Failed to read PEM from file '%s' [%s]", filename,
	          winpr_strerror(errno, buffer, sizeof(buffer)));
}
	if (fp)
		(void)fclose(fp);
	free(contents);
	return nullptr;
}
250
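/**
 * Write a PEM string to @p filename, replacing any existing content.
 *
 * Only the bytes up to the first NUL within @p length (or all @p length bytes
 * when no NUL is found) are written. The terminator itself is not stored in
 * the file, and nothing beyond @p length is ever read, so @p pem does not
 * have to be NUL-terminated within its bound.
 *
 * @param filename destination path (must not be NULL)
 * @param pem      PEM text; may be NULL only when @p length is 0
 * @param length   bound on the number of bytes of @p pem to examine
 * @return TRUE when every byte was written and the stream was closed cleanly,
 *         FALSE otherwise (a warning carrying strerror(errno) is logged)
 */
BOOL crypto_write_pem(const char* WINPR_RESTRICT filename, const char* WINPR_RESTRICT pem,
                      size_t length)
{
	WINPR_ASSERT(filename);
	WINPR_ASSERT(pem || (length == 0));

	/* Bounded by length and without the "+1" the old code used: adding the
	 * terminator would read pem[length] when no NUL lies within the bound. */
	const size_t size = pem ? strnlen(pem, length) : 0;
	size_t written = 0;
	int closed = -1;

	FILE* fp = winpr_fopen(filename, "w");
	if (!fp)
		goto fail;

	written = (size > 0) ? fwrite(pem, 1, size, fp) : 0;
	/* fclose() performs the final flush; a failure there means the data may
	 * not have reached the file even though fwrite() reported success. */
	closed = fclose(fp);

fail:
{
	const int failed = (written != size) || (closed != 0);
	if (failed)
	{
		char buffer[8192] = WINPR_C_ARRAY_INIT;
		WLog_WARN(TAG, "Failed to write PEM [%" PRIuz "] to file '%s' [%s]", length, filename,
		          winpr_strerror(errno, buffer, sizeof(buffer)));
	}
	return !failed;
}
}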