root/svn/ircd-hybrid-7.2/tools/rsa_respond/respond.c
Revision: 30
Committed: Sun Oct 2 20:03:27 2005 UTC (18 years, 6 months ago) by adx
Content type: text/x-csrc
Original Path: ircd-hybrid/tools/rsa_respond/respond.c
File size: 3894 byte(s)
Log Message:
- imported sources
- can be moved later according to the directory/branching scheme,
  but we need the svn up

File Contents

# User Rev Content
1 adx 30 /*
2     * tools/rsa_respond/respond.c
3     * A simple RSA authentication challenge response generator for the
4     * ircd-hybrid CHALLENGE command.
5     * This code is Copyright(C)2001 by the past and present ircd-hybrid
6     * developers.
7     * This program is free software; you can redistribute it and/or modify
8     * it under the terms of the GNU General Public License as published by
9     * the Free Software Foundation; either version 2 of the License, or
10     * (at your option) any later version.
11     *
12     * This program is distributed in the hope that it will be useful,
13     * but WITHOUT ANY WARRANTY; without even the implied warranty of
14     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     * GNU General Public License for more details.
16     *
17     * You should have received a copy of the GNU General Public License
18     * along with this program; if not, write to the Free Software
19     * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20     * $Id: respond.c,v 1.10 2003/05/10 02:20:25 joshk Exp $
21     */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/md5.h>
29    
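/* Non-zero when the passphrase was supplied on the command line. */
static int insecure_mode = 0;
/* Command-line passphrase; only consulted when insecure_mode is set. */
static char *pass_param = NULL;

/*
 * Copy at most `size` bytes of the NUL-terminated string `src` into `buf`
 * and return the number of bytes copied.  No terminator is written.
 * Returns 0 for an empty string or a non-positive `size`, so a bad size can
 * never turn into a huge memcpy() length.
 */
static int copy_passphrase(char *buf, int size, const char *src)
{
  size_t len = strlen(src);

  if (len == 0 || size <= 0)
    return 0;
  if (len > (size_t)size)
    len = (size_t)size;  /* silently truncated; key decryption will then fail */
  memcpy(buf, src, len);
  return (int)len;
}

/*
 * pass_cb - PEM passphrase callback handed to PEM_read_RSAPrivateKey().
 *
 * buf    - destination for the passphrase bytes
 * size   - capacity of buf
 * rwflag - unused
 * u      - unused
 *
 * Returns the number of passphrase bytes written to buf, or 0 when no
 * passphrase is available.  In insecure mode the passphrase comes from
 * pass_param; otherwise it is read from the terminal with getpass().
 * Exits the process if getpass() fails.
 */
static int pass_cb(char *buf, int size, int rwflag, void *u)
{
  char *tmp;
  int len;

  (void)rwflag;
  (void)u;

  if (insecure_mode != 0)
  {
    if (pass_param == NULL)
      return 0;
    return copy_passphrase(buf, size, pass_param);
  }

  tmp = getpass("Enter passphrase for challenge: ");
  if (!tmp)
  {
    puts("Couldn't read passphrase from stdin!");
    exit(-1);
  }

  len = copy_passphrase(buf, size, tmp);

  /* getpass() returns a static buffer that outlives this call; wipe it so
   * the passphrase does not linger in process memory. */
  memset(tmp, 0, strlen(tmp));
  return len;
}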
65    
/*
 * binary_to_hex - render `length` bytes of `bin` as upper-case hex digits.
 *
 * `hex` receives two characters per input byte followed by a NUL, so the
 * caller must provide at least 2 * length + 1 bytes.
 */
static void
binary_to_hex( unsigned char * bin, char * hex, int length )
{
  static const char digits[] = "0123456789ABCDEF";
  char *out = hex;
  int n;

  for (n = 0; n < length; n++)
  {
    unsigned char byte = bin[n];

    *out++ = digits[byte >> 4];   /* high nibble first */
    *out++ = digits[byte & 0xf];
  }
  *out = '\0';
}
79    
/*
 * hex_to_binary - decode upper-case hex text into raw bytes.
 *
 * from - NUL-terminated hex string; only 0-9 and A-F are accepted
 * to   - output buffer
 * len  - capacity of `to` in bytes
 *
 * Decoding stops at the end of the string, at a dangling half pair, at the
 * first character that is not an upper-case hex digit, or once `len` bytes
 * have been produced.  Returns the number of bytes written; callers detect
 * bad input by comparing that count with the length they expect.
 */
static int
hex_to_binary(const char *from, char *to, int len)
{
  const char *cursor = from;
  int written = 0;

  for (;;)
  {
    char hi, lo;
    int hi_val, lo_val;

    hi = cursor[0];
    if (hi == '\0')
      break;

    /* A lone trailing digit means the input was malformed. */
    lo = cursor[1];
    if (lo == '\0')
      break;
    cursor += 2;

    if (written >= len)
      break;

    if (!((hi >= '0' && hi <= '9') || (hi >= 'A' && hi <= 'F')))
      break;
    if (!((lo >= '0' && lo <= '9') || (lo >= 'A' && lo <= 'F')))
      break;

    hi_val = (hi <= '9') ? (hi - '0') : (hi - 'A' + 0xA);
    lo_val = (lo <= '9') ? (lo - '0') : (lo - 'A' + 0xA);
    to[written++] = hi_val << 4 | lo_val;
  }

  return written;
}
107    
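/*
 * main - respond privatefile challenge [passphrase]
 *
 * Loads the RSA private key from `privatefile`, decodes the hex `challenge`
 * (128 bytes, i.e. a 1024-bit key), decrypts it with PKCS #1 v1.5 padding
 * and prints the first 32 plaintext bytes as upper-case hex on stdout.
 *
 * Exit status is kept as the original tool defined it: 0 on success and on
 * usage / key-loading failures, -1 on a bad challenge or decryption error.
 * Callers should therefore validate the printed line rather than rely on
 * the status alone.
 *
 * NOTE(review): this program prints plaintext for any well-formed
 * ciphertext it is given, so the key should be dedicated to CHALLENGE and
 * not shared with other uses.
 */
int
main(int argc, char **argv)
{
  enum { CHALLENGE_LEN = 128, RESPONSE_LEN = 32 };
  FILE *kfile;
  RSA *rsa = NULL;
  char ndata[257], ddata[257];
  int dlen;

  /* respond privatefile challenge */
  if (argc < 3)
  {
    puts("Usage: respond privatefile challenge [passphrase]");
    return 0;
  }

  if (argc == 4)
  {
    /* This is TOTALLY insecure and not recommended, but for
    ** interfacing with irc client scripts, it's either this
    ** or don't use a passphrase.
    **
    ** The passphrase is visible in the process listing while this
    ** runs, and may also end up in shell history or in the script
    ** that invokes us.  It is wiped from argv below as soon as the
    ** key has been loaded, which narrows the window but does not
    ** remove it.
    */
    insecure_mode = 1;
    pass_param = argv[3];
  }

  if (!(kfile = fopen(argv[1], "r")))
  {
    puts("Could not open the private keyfile.");
    return 0;
  }

  SSLeay_add_all_ciphers();
  rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);

  /* The key file is no longer needed whether or not the read succeeded. */
  fclose(kfile);

  /* The passphrase has served its purpose; stop exposing it in argv. */
  if (pass_param != NULL)
  {
    memset(pass_param, 0, strlen(pass_param));
    pass_param = NULL;
  }

  if(!rsa)
  {
    puts("Unable to read your private key, is the passphrase wrong?");
    return 0;
  }

  /* Everything below assumes a 128-byte modulus: the challenge length is
   * fixed and ddata must be able to hold RSA_size(rsa) - 11 bytes. */
  if (RSA_size(rsa) != CHALLENGE_LEN)
  {
    puts("Unsupported key size, a 1024-bit RSA key is required.");
    RSA_free(rsa);
    return -1;
  }

  if (hex_to_binary(argv[2], ndata, CHALLENGE_LEN) != CHALLENGE_LEN)
  {
    puts("Bad challenge.");
    RSA_free(rsa);
    return -1;
  }

  memset(ddata, 0, sizeof ddata);
  dlen = RSA_private_decrypt(CHALLENGE_LEN, (unsigned char*)ndata,
                             (unsigned char*)ddata, rsa, RSA_PKCS1_PADDING);

  /* A plaintext shorter than the response would make the hex dump below
   * read bytes that were never written by the decryption, so reject it
   * together with the -1 failure case. */
  if (dlen < RESPONSE_LEN)
  {
    puts("Decryption error.");
    RSA_free(rsa);
    return -1;
  }

  binary_to_hex((unsigned char*)ddata, ndata, RESPONSE_LEN);
  puts(ndata);
  RSA_free(rsa);
  return 0;
}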

Properties

Name Value
svn:eol-style native
svn:keywords "Id Revision"