1 |
/* |
2 |
* ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd). |
3 |
* rsa.c: Functions for use with RSA public key cryptography. |
4 |
* |
5 |
* Copyright (C) 2002 by the past and present ircd coders, and others. |
6 |
* |
7 |
* This program is free software; you can redistribute it and/or modify |
8 |
* it under the terms of the GNU General Public License as published by |
9 |
* the Free Software Foundation; either version 2 of the License, or |
10 |
* (at your option) any later version. |
11 |
* |
12 |
* This program is distributed in the hope that it will be useful, |
13 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 |
* GNU General Public License for more details. |
16 |
* |
17 |
* You should have received a copy of the GNU General Public License |
18 |
* along with this program; if not, write to the Free Software |
19 |
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
20 |
* USA |
21 |
* |
22 |
* $Id$ |
23 |
*/ |
24 |
|
25 |
#include "stdinc.h" |
26 |
|
27 |
#include <openssl/pem.h> |
28 |
#include <openssl/rand.h> |
29 |
#include <openssl/rsa.h> |
30 |
#include <openssl/md5.h> |
31 |
#include <openssl/bn.h> |
32 |
#include <openssl/evp.h> |
33 |
#include <openssl/err.h> |
34 |
#include <openssl/opensslv.h> |
35 |
|
36 |
#include "memory.h" |
37 |
#include "rsa.h" |
38 |
#include "s_conf.h" |
39 |
#include "s_log.h" |
40 |
#include "client.h" /* CIPHERKEYLEN .. eww */ |
41 |
#include "ircd.h" /* bio_spare_fd */ |
42 |
|
43 |
static void binary_to_hex(unsigned char *bin, char *hex, int length); |
44 |
|
45 |
/* |
46 |
* report_crypto_errors - Dump crypto error list to log |
47 |
*/ |
48 |
void |
49 |
report_crypto_errors(void) |
50 |
{ |
51 |
unsigned long e = 0; |
52 |
unsigned long cnt = 0; |
53 |
|
54 |
ERR_load_crypto_strings(); |
55 |
|
56 |
while ((cnt < 100) && (e = ERR_get_error())) |
57 |
{ |
58 |
ilog(L_CRIT, "SSL error: %s", ERR_error_string(e, 0)); |
59 |
cnt++; |
60 |
} |
61 |
} |
62 |
|
63 |
/* |
64 |
* verify_private_key - reread private key and verify against inmem key |
65 |
*/ |
66 |
int |
67 |
verify_private_key(void) |
68 |
{ |
69 |
BIO *file; |
70 |
RSA *key; |
71 |
RSA *mkey; |
72 |
|
73 |
/* If the rsa_private_key directive isn't found, error out. */ |
74 |
if (ServerInfo.rsa_private_key == NULL) |
75 |
{ |
76 |
ilog(L_NOTICE, "rsa_private_key in serverinfo{} is not defined."); |
77 |
return -1; |
78 |
} |
79 |
|
80 |
/* If rsa_private_key_file isn't available, error out. */ |
81 |
if (ServerInfo.rsa_private_key_file == NULL) |
82 |
{ |
83 |
ilog(L_NOTICE, "Internal error: rsa_private_key_file isn't defined."); |
84 |
return -1; |
85 |
} |
86 |
|
87 |
if (bio_spare_fd > -1) |
88 |
close(bio_spare_fd); |
89 |
|
90 |
file = BIO_new_file(ServerInfo.rsa_private_key_file, "r"); |
91 |
|
92 |
/* |
93 |
* If BIO_new_file returned NULL (according to OpenSSL docs), then |
94 |
* an error occurred. |
95 |
*/ |
96 |
if (file == NULL) |
97 |
{ |
98 |
bio_spare_fd = save_spare_fd("SSL private key validation"); |
99 |
ilog(L_NOTICE, "Failed to open private key file - can't validate it"); |
100 |
return -1; |
101 |
} |
102 |
|
103 |
/* |
104 |
* jdc -- Let's do this a little differently. According to the |
105 |
* OpenSSL documentation, you need to METHOD_free(key) before |
106 |
* assigning it. Don't believe me? Check out the following |
107 |
* URL: http://www.openssl.org/docs/crypto/pem.html#BUGS |
108 |
* P.S. -- I have no idea why the key= assignment has to be typecasted. |
109 |
* For some reason the system thinks PEM_read_bio_RSAPrivateKey |
110 |
* is returning an int, not a RSA *. |
111 |
* androsyn -- Thats because you didn't have a prototype and including |
112 |
* pem.h breaks things for some reason.. |
113 |
*/ |
114 |
key = (RSA *) PEM_read_bio_RSAPrivateKey(file, NULL, 0, NULL); |
115 |
|
116 |
if (key == NULL) |
117 |
{ |
118 |
ilog(L_NOTICE, "PEM_read_bio_RSAPrivateKey() failed; possibly not RSA?"); |
119 |
report_crypto_errors(); |
120 |
return -1; |
121 |
} |
122 |
|
123 |
BIO_set_close(file, BIO_CLOSE); |
124 |
BIO_free(file); |
125 |
bio_spare_fd = save_spare_fd("SSL private key validation"); |
126 |
|
127 |
mkey = ServerInfo.rsa_private_key; |
128 |
|
129 |
/* |
130 |
* Compare the in-memory key to the key we just loaded above. If |
131 |
* any of the portions don't match, then logically we have a different |
132 |
* in-memory key vs. the one we just loaded. This is bad, mmmkay? |
133 |
*/ |
134 |
if (mkey->pad != key->pad) |
135 |
ilog(L_CRIT, "Private key corrupted: pad %i != pad %i", |
136 |
mkey->pad, key->pad); |
137 |
|
138 |
if (mkey->version != key->version) |
139 |
{ |
140 |
#if (OPENSSL_VERSION_NUMBER >= 0x00907000) |
141 |
ilog(L_CRIT, "Private key corrupted: version %li != version %li", |
142 |
mkey->version, key->version); |
143 |
#else |
144 |
ilog(L_CRIT, "Private key corrupted: version %i != version %i", |
145 |
mkey->version, key->version); |
146 |
#endif |
147 |
} |
148 |
|
149 |
if (BN_cmp(mkey->n, key->n)) |
150 |
ilog(L_CRIT, "Private key corrupted: n differs"); |
151 |
if (BN_cmp(mkey->e, key->e)) |
152 |
ilog(L_CRIT, "Private key corrupted: e differs"); |
153 |
if (BN_cmp(mkey->d, key->d)) |
154 |
ilog(L_CRIT, "Private key corrupted: d differs"); |
155 |
if (BN_cmp(mkey->p, key->p)) |
156 |
ilog(L_CRIT, "Private key corrupted: p differs"); |
157 |
if (BN_cmp(mkey->q, key->q)) |
158 |
ilog(L_CRIT, "Private key corrupted: q differs"); |
159 |
if (BN_cmp(mkey->dmp1, key->dmp1)) |
160 |
ilog(L_CRIT, "Private key corrupted: dmp1 differs"); |
161 |
if (BN_cmp(mkey->dmq1, key->dmq1)) |
162 |
ilog(L_CRIT, "Private key corrupted: dmq1 differs"); |
163 |
if (BN_cmp(mkey->iqmp, key->iqmp)) |
164 |
ilog(L_CRIT, "Private key corrupted: iqmp differs"); |
165 |
|
166 |
RSA_free(key); |
167 |
return 0; |
168 |
} |
169 |
|
170 |
|
171 |
static void |
172 |
binary_to_hex(unsigned char *bin, char *hex, int length) |
173 |
{ |
174 |
static const char trans[] = "0123456789ABCDEF"; |
175 |
int i; |
176 |
|
177 |
for(i = 0; i < length; i++) |
178 |
{ |
179 |
hex[i << 1] = trans[bin[i] >> 4]; |
180 |
hex[(i << 1) + 1] = trans[bin[i] & 0xf]; |
181 |
} |
182 |
|
183 |
hex[i << 1] = '\0'; |
184 |
} |
185 |
|
186 |
int |
187 |
get_randomness(unsigned char *buf, int length) |
188 |
{ |
189 |
/* Seed OpenSSL PRNG with EGD enthropy pool -kre */ |
190 |
if (ConfigFileEntry.use_egd && |
191 |
(ConfigFileEntry.egdpool_path != NULL)) |
192 |
{ |
193 |
if (RAND_egd(ConfigFileEntry.egdpool_path) == -1) |
194 |
return -1; |
195 |
} |
196 |
|
197 |
if (RAND_status()) |
198 |
return (RAND_bytes(buf, length)); |
199 |
else /* XXX - abort? */ |
200 |
return (RAND_pseudo_bytes(buf, length)); |
201 |
} |
202 |
|
203 |
int |
204 |
generate_challenge(char **r_challenge, char **r_response, RSA *rsa) |
205 |
{ |
206 |
unsigned char secret[32], *tmp; |
207 |
unsigned long length; |
208 |
int ret = -1; |
209 |
|
210 |
if (!rsa) |
211 |
return -1; |
212 |
get_randomness(secret, 32); |
213 |
*r_response = MyMalloc(65); |
214 |
binary_to_hex(secret, *r_response, 32); |
215 |
|
216 |
length = RSA_size(rsa); |
217 |
tmp = MyMalloc(length); |
218 |
ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING); |
219 |
|
220 |
*r_challenge = MyMalloc((length << 1) + 1); |
221 |
binary_to_hex( tmp, *r_challenge, length); |
222 |
(*r_challenge)[length<<1] = 0; |
223 |
MyFree(tmp); |
224 |
|
225 |
if (ret < 0) |
226 |
{ |
227 |
report_crypto_errors(); |
228 |
return -1; |
229 |
} |
230 |
return 0; |
231 |
} |