/*
 * tools/rsa_respond/respond.c
 * A simple RSA authentication challenge response generator for the
 * ircd-hybrid CHALLENGE command.
 * This code is Copyright(C)2001 by the past and present ircd-hybrid
 * developers.
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 * $Id: respond.c 33 2005-10-02 20:50:00Z knight $
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/md5.h>
/* Non-zero when the passphrase was supplied as argv[3] instead of being
 * typed at a prompt; main() sets it before the key file is read. */
static int insecure_mode = 0;
/* Passphrase taken from argv[3] when insecure_mode is set, NULL otherwise.
 * It points into argv and is consumed by pass_cb(). */
static char *pass_param = NULL;
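/*
 * pass_cb - PEM passphrase callback handed to PEM_read_RSAPrivateKey().
 *
 * buf    - destination for the passphrase bytes (no NUL is appended)
 * size   - capacity of buf in bytes
 * rwflag - unused
 * u      - unused
 *
 * Returns the number of bytes stored in buf, or 0 when no passphrase is
 * available. Terminates the process with exit(-1) when the interactive
 * prompt cannot be read.
 *
 * In insecure mode the passphrase comes from pass_param (argv[3]);
 * otherwise it is read with getpass(). The storage getpass() hands back
 * is wiped once the bytes have been copied out, so the typed passphrase
 * does not stay readable in memory for the rest of the run.
 */
static int pass_cb(char *buf, int size, int rwflag, void *u)
{
  const char *secret;
  char *typed = NULL;
  size_t secret_len;
  int len = 0;

  (void)rwflag;
  (void)u;

  if (insecure_mode != 0)
  {
    if (pass_param == NULL)
      return 0;
    secret = pass_param;
  }
  else
  {
    typed = getpass("Enter passphrase for challenge: ");
    if (!typed)
    {
      puts("Couldn't read passphrase from stdin!");
      exit(-1);
    }
    secret = typed;
  }

  /* Keep the length in size_t: squeezing strlen() into an int first could
   * go negative and turn the memcpy() below into an oversized copy. */
  secret_len = strlen(secret);

  if (size > 0 && secret_len > 0)
  {
    /* Truncate to the caller's buffer, exactly as before. */
    len = (secret_len > (size_t)size) ? size : (int)secret_len;
    memcpy(buf, secret, (size_t)len);
  }

  if (typed != NULL)
  {
    /* volatile keeps the compiler from dropping the wipe as a dead store. */
    volatile char *wipe = typed;

    while (secret_len-- > 0)
      *wipe++ = '\0';
  }

  return len;
}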
/*
 * binary_to_hex - render `length` bytes of `bin` as upper-case hex.
 *
 * Two characters are written to `hex` for every input byte, followed by a
 * terminating NUL, so `hex` needs room for 2 * length + 1 characters.
 * Nothing is returned.
 */
static void
binary_to_hex( unsigned char * bin, char * hex, int length )
{
  static const char digits[] = "0123456789ABCDEF";
  char *out = hex;
  int idx = 0;

  while (idx < length)
  {
    const unsigned char octet = bin[idx++];

    *out++ = digits[octet / 16];  /* high nibble */
    *out++ = digits[octet % 16];  /* low nibble */
  }

  *out = '\0';
}
/*
 * hex_to_binary - decode upper-case hex text into raw bytes.
 *
 * from - NUL-terminated string of hex digits ('0'-'9', 'A'-'F' only)
 * to   - output buffer
 * len  - maximum number of bytes to store in `to`
 *
 * Decoding stops at the end of the string, at a dangling single digit, at
 * the first character that is not an upper-case hex digit, or once `len`
 * bytes have been stored. Returns the number of bytes written; the caller
 * compares that with the length it expects in order to spot bad input.
 */
static int
hex_to_binary(const char *from, char *to, int len)
{
  int count = 0;
  const char *cursor;

  /* The second character is only inspected when the first is not NUL. */
  for (cursor = from; cursor[0] != '\0' && cursor[1] != '\0'; cursor += 2)
  {
    const char hi = cursor[0];
    const char lo = cursor[1];
    const int hi_ok = (hi >= '0' && hi <= '9') || (hi >= 'A' && hi <= 'F');
    const int lo_ok = (lo >= '0' && lo <= '9') || (lo >= 'A' && lo <= 'F');
    int hi_val;
    int lo_val;

    if (count >= len || !hi_ok || !lo_ok)
      break;

    if (hi <= '9')
      hi_val = hi - '0';
    else
      hi_val = hi - 'A' + 0xA;

    if (lo <= '9')
      lo_val = lo - '0';
    else
      lo_val = lo - 'A' + 0xA;

    to[count++] = (hi_val << 4) | lo_val;
  }

  return count;
}
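/*
 * main - decrypt an ircd-hybrid CHALLENGE string and print the response.
 *
 * Usage: respond privatefile challenge [passphrase]
 *   argv[1] - PEM file holding the RSA private key
 *   argv[2] - challenge in upper-case hex; the first 256 digits
 *             (128 bytes) are used
 *   argv[3] - optional passphrase (see the warning in the body)
 *
 * On success the first 32 bytes of the decrypted challenge are printed to
 * stdout as upper-case hex. Returns 0 on success and, as before, also for
 * usage, key-file and key-loading failures; returns -1 for a bad
 * challenge, an unsuitable key size or a decryption failure.
 */
int
main(int argc, char **argv)
{
  enum { CHALLENGE_BYTES = 128, RESPONSE_BYTES = 32 };
  FILE *kfile;
  RSA *rsa = NULL;
  char ndata[257], ddata[257];
  int dlen;

  /* respond privatefile challenge */
  if (argc < 3)
  {
    puts("Usage: respond privatefile challenge [passphrase]");
    return 0;
  }

  if (argc == 4)
  {
    /* Passing the passphrase as an argument is insecure and not
    ** recommended; it exists only so irc client scripts can drive
    ** this tool without giving up the passphrase altogether.
    **
    ** While the process runs, the argument is visible to other local
    ** users through the process list (ps auxww), and it may also be
    ** kept in shell history or process-accounting logs. The copy in
    ** argv is wiped below once the key has been loaded, which shortens
    ** that window but does not close it.
    */
    insecure_mode = 1;
    pass_param = argv[3];
  }

  if (!(kfile = fopen(argv[1], "r")))
  {
    puts("Could not open the private keyfile.");
    return 0;
  }

  SSLeay_add_all_ciphers();
  rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);

  /* The key file is no longer needed whether or not the key loaded. */
  fclose(kfile);

  if (pass_param != NULL)
  {
    /* Wipe the command-line passphrase now that pass_cb() has used it;
     * volatile keeps the stores from being optimised away. */
    volatile char *wipe = pass_param;

    while (*wipe != '\0')
      *wipe++ = '\0';
    pass_param = NULL;
  }

  if(!rsa)
  {
    puts("Unable to read your private key, is the passphrase wrong?");
    return 0;
  }

  /* RSA_private_decrypt() may write up to RSA_size(rsa) bytes to its
   * output buffer, so refuse keys whose modulus would overrun ddata. */
  if (RSA_size(rsa) > (int)sizeof(ddata))
  {
    puts("Private key is too large for this tool.");
    RSA_free(rsa);
    return -1;
  }

  if (hex_to_binary(argv[2], ndata, CHALLENGE_BYTES) != CHALLENGE_BYTES)
  {
    puts("Bad challenge.");
    RSA_free(rsa);
    return -1;
  }

  /* NOTE(review): PKCS#1 v1.5 decryption with a visible success/failure
   * result is the shape padding-oracle attacks rely on. The padding mode
   * is presumably dictated by the server side of CHALLENGE; be wary of
   * answering challenges automatically for servers you do not trust. */
  dlen = RSA_private_decrypt(CHALLENGE_BYTES, (unsigned char*)ndata,
                             (unsigned char*)ddata, rsa, RSA_PKCS1_PADDING);
  RSA_free(rsa);

  /* A plaintext shorter than the response would make the hex dump below
   * read uninitialised stack bytes, so treat it like a failed decrypt
   * (this also covers the -1 error return). */
  if (dlen < RESPONSE_BYTES)
  {
    puts("Decryption error.");
    return -1;
  }

  binary_to_hex((unsigned char*)ddata, ndata, RESPONSE_BYTES);
  puts(ndata);
  return 0;
}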