/[svn]/ircd-hybrid-7.2/src/rsa.c
ViewVC logotype

Contents of /ircd-hybrid-7.2/src/rsa.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1011 - (show annotations)
Fri Sep 18 10:14:09 2009 UTC (10 years, 2 months ago) by michael
File MIME type: text/x-chdr
File size: 6374 byte(s)
- move list manipulation routines from tools.c to list.c
- mem_frob() goes to memory.c
- sort out redundant/unneeded header includes

1 /*
2 * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 * rsa.c: Functions for use with RSA public key cryptography.
4 *
5 * Copyright (C) 2002 by the past and present ircd coders, and others.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 * USA
21 *
22 * $Id$
23 */
24
25 #include "stdinc.h"
26
27 #include <openssl/pem.h>
28 #include <openssl/rand.h>
29 #include <openssl/rsa.h>
30 #include <openssl/md5.h>
31 #include <openssl/bn.h>
32 #include <openssl/evp.h>
33 #include <openssl/err.h>
34
35 #include "memory.h"
36 #include "rsa.h"
37 #include "s_conf.h"
38 #include "s_log.h"
39 #include "client.h" /* CIPHERKEYLEN .. eww */
40 #include "ircd.h" /* bio_spare_fd */
41
42 static void binary_to_hex(unsigned char *bin, char *hex, int length);
43
44 /*
45 * report_crypto_errors - Dump crypto error list to log
46 */
47 void
48 report_crypto_errors(void)
49 {
50 unsigned long e = 0;
51 unsigned long cnt = 0;
52
53 ERR_load_crypto_strings();
54
55 while ((cnt < 100) && (e = ERR_get_error()))
56 {
57 ilog(L_CRIT, "SSL error: %s", ERR_error_string(e, 0));
58 cnt++;
59 }
60 }
61
62 /*
63 * verify_private_key - reread private key and verify against inmem key
64 */
65 int
66 verify_private_key(void)
67 {
68 BIO *file;
69 RSA *key;
70 RSA *mkey;
71
72 /* If the rsa_private_key directive isn't found, error out. */
73 if (ServerInfo.rsa_private_key == NULL)
74 {
75 ilog(L_NOTICE, "rsa_private_key in serverinfo{} is not defined.");
76 return -1;
77 }
78
79 /* If rsa_private_key_file isn't available, error out. */
80 if (ServerInfo.rsa_private_key_file == NULL)
81 {
82 ilog(L_NOTICE, "Internal error: rsa_private_key_file isn't defined.");
83 return -1;
84 }
85
86 if (bio_spare_fd > -1)
87 close(bio_spare_fd);
88
89 file = BIO_new_file(ServerInfo.rsa_private_key_file, "r");
90
91 /*
92 * If BIO_new_file returned NULL (according to OpenSSL docs), then
93 * an error occurred.
94 */
95 if (file == NULL)
96 {
97 bio_spare_fd = save_spare_fd("SSL private key validation");
98 ilog(L_NOTICE, "Failed to open private key file - can't validate it");
99 return -1;
100 }
101
102 /*
103 * jdc -- Let's do this a little differently. According to the
104 * OpenSSL documentation, you need to METHOD_free(key) before
105 * assigning it. Don't believe me? Check out the following
106 * URL: http://www.openssl.org/docs/crypto/pem.html#BUGS
107 * P.S. -- I have no idea why the key= assignment has to be typecasted.
108 * For some reason the system thinks PEM_read_bio_RSAPrivateKey
109 * is returning an int, not a RSA *.
110 * androsyn -- Thats because you didn't have a prototype and including
111 * pem.h breaks things for some reason..
112 */
113 key = (RSA *) PEM_read_bio_RSAPrivateKey(file, NULL, 0, NULL);
114
115 if (key == NULL)
116 {
117 ilog(L_NOTICE, "PEM_read_bio_RSAPrivateKey() failed; possibly not RSA?");
118 report_crypto_errors();
119 return -1;
120 }
121
122 BIO_set_close(file, BIO_CLOSE);
123 BIO_free(file);
124 bio_spare_fd = save_spare_fd("SSL private key validation");
125
126 mkey = ServerInfo.rsa_private_key;
127
128 /*
129 * Compare the in-memory key to the key we just loaded above. If
130 * any of the portions don't match, then logically we have a different
131 * in-memory key vs. the one we just loaded. This is bad, mmmkay?
132 */
133 if (mkey->pad != key->pad)
134 ilog(L_CRIT, "Private key corrupted: pad %i != pad %i",
135 mkey->pad, key->pad);
136
137 if (mkey->version != key->version)
138 {
139 #if (OPENSSL_VERSION_NUMBER & 0x00907000) == 0x00907000
140 ilog(L_CRIT, "Private key corrupted: version %li != version %li",
141 mkey->version, key->version);
142 #else
143 ilog(L_CRIT, "Private key corrupted: version %i != version %i",
144 mkey->version, key->version);
145 #endif
146 }
147
148 if (BN_cmp(mkey->n, key->n))
149 ilog(L_CRIT, "Private key corrupted: n differs");
150 if (BN_cmp(mkey->e, key->e))
151 ilog(L_CRIT, "Private key corrupted: e differs");
152 if (BN_cmp(mkey->d, key->d))
153 ilog(L_CRIT, "Private key corrupted: d differs");
154 if (BN_cmp(mkey->p, key->p))
155 ilog(L_CRIT, "Private key corrupted: p differs");
156 if (BN_cmp(mkey->q, key->q))
157 ilog(L_CRIT, "Private key corrupted: q differs");
158 if (BN_cmp(mkey->dmp1, key->dmp1))
159 ilog(L_CRIT, "Private key corrupted: dmp1 differs");
160 if (BN_cmp(mkey->dmq1, key->dmq1))
161 ilog(L_CRIT, "Private key corrupted: dmq1 differs");
162 if (BN_cmp(mkey->iqmp, key->iqmp))
163 ilog(L_CRIT, "Private key corrupted: iqmp differs");
164
165 RSA_free(key);
166 return 0;
167 }
168
169
170 static void
171 binary_to_hex(unsigned char *bin, char *hex, int length)
172 {
173 static const char trans[] = "0123456789ABCDEF";
174 int i;
175
176 for(i = 0; i < length; i++)
177 {
178 hex[i << 1] = trans[bin[i] >> 4];
179 hex[(i << 1) + 1] = trans[bin[i] & 0xf];
180 }
181
182 hex[i << 1] = '\0';
183 }
184
185 int
186 get_randomness(unsigned char *buf, int length)
187 {
188 /* Seed OpenSSL PRNG with EGD enthropy pool -kre */
189 if (ConfigFileEntry.use_egd &&
190 (ConfigFileEntry.egdpool_path != NULL))
191 {
192 if (RAND_egd(ConfigFileEntry.egdpool_path) == -1)
193 return -1;
194 }
195
196 if (RAND_status())
197 return (RAND_bytes(buf, length));
198 else /* XXX - abort? */
199 return (RAND_pseudo_bytes(buf, length));
200 }
201
202 int
203 generate_challenge(char **r_challenge, char **r_response, RSA *rsa)
204 {
205 unsigned char secret[32], *tmp;
206 unsigned long length;
207 int ret = -1;
208
209 if (!rsa)
210 return -1;
211 get_randomness(secret, 32);
212 *r_response = MyMalloc(65);
213 binary_to_hex(secret, *r_response, 32);
214
215 length = RSA_size(rsa);
216 tmp = MyMalloc(length);
217 ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);
218
219 *r_challenge = MyMalloc((length << 1) + 1);
220 binary_to_hex( tmp, *r_challenge, length);
221 (*r_challenge)[length<<1] = 0;
222 MyFree(tmp);
223
224 if (ret < 0)
225 {
226 report_crypto_errors();
227 return -1;
228 }
229 return 0;
230 }

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.26