| 1 |
/* |
| 2 |
* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd) |
| 3 |
* |
| 4 |
* Copyright (c) 2000-2014 ircd-hybrid development team |
| 5 |
* |
| 6 |
* This program is free software; you can redistribute it and/or modify |
| 7 |
* it under the terms of the GNU General Public License as published by |
| 8 |
* the Free Software Foundation; either version 2 of the License, or |
| 9 |
* (at your option) any later version. |
| 10 |
* |
| 11 |
* This program is distributed in the hope that it will be useful, |
| 12 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 |
* GNU General Public License for more details. |
| 15 |
* |
| 16 |
* You should have received a copy of the GNU General Public License |
| 17 |
* along with this program; if not, write to the Free Software |
| 18 |
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
| 19 |
* USA |
| 20 |
*/ |
| 21 |
|
| 22 |
/*! \file rsa.c |
| 23 |
* \brief Functions for use with RSA public key cryptography. |
| 24 |
* \version $Id$ |
| 25 |
*/ |
| 26 |
|
| 27 |
#include "stdinc.h" |
| 28 |
#ifdef HAVE_LIBCRYPTO |
| 29 |
#include <openssl/pem.h> |
| 30 |
#include <openssl/rand.h> |
| 31 |
#include <openssl/rsa.h> |
| 32 |
#include <openssl/bn.h> |
| 33 |
#include <openssl/evp.h> |
| 34 |
#include <openssl/err.h> |
| 35 |
#include <openssl/opensslv.h> |
| 36 |
|
| 37 |
#include "memory.h" |
| 38 |
#include "rsa.h" |
| 39 |
#include "conf.h" |
| 40 |
#include "log.h" |
| 41 |
|
| 42 |
|
| 43 |
/* |
| 44 |
* report_crypto_errors - Dump crypto error list to log |
| 45 |
*/ |
| 46 |
void |
| 47 |
report_crypto_errors(void) |
| 48 |
{ |
| 49 |
unsigned long e = 0; |
| 50 |
|
| 51 |
while ((e = ERR_get_error())) |
| 52 |
ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0)); |
| 53 |
} |
| 54 |
|
| 55 |
static void |
| 56 |
binary_to_hex(unsigned char *bin, char *hex, int length) |
| 57 |
{ |
| 58 |
static const char trans[] = "0123456789ABCDEF"; |
| 59 |
int i; |
| 60 |
|
| 61 |
for (i = 0; i < length; ++i) |
| 62 |
{ |
| 63 |
hex[(i << 1) ] = trans[bin[i] >> 4]; |
| 64 |
hex[(i << 1) + 1] = trans[bin[i] & 0xf]; |
| 65 |
} |
| 66 |
|
| 67 |
hex[i << 1] = '\0'; |
| 68 |
} |
| 69 |
|
| 70 |
int |
| 71 |
get_randomness(unsigned char *buf, int length) |
| 72 |
{ |
| 73 |
/* Seed OpenSSL PRNG with EGD enthropy pool -kre */ |
| 74 |
if (ConfigFileEntry.use_egd && |
| 75 |
ConfigFileEntry.egdpool_path) |
| 76 |
if (RAND_egd(ConfigFileEntry.egdpool_path) == -1) |
| 77 |
return -1; |
| 78 |
|
| 79 |
if (RAND_status()) |
| 80 |
return RAND_bytes(buf, length); |
| 81 |
/* XXX - abort? */ |
| 82 |
return RAND_pseudo_bytes(buf, length); |
| 83 |
} |
| 84 |
|
| 85 |
int |
| 86 |
generate_challenge(char **r_challenge, char **r_response, RSA *rsa) |
| 87 |
{ |
| 88 |
unsigned char secret[32], *tmp; |
| 89 |
unsigned long length; |
| 90 |
int ret = -1; |
| 91 |
|
| 92 |
if (!rsa) |
| 93 |
return -1; |
| 94 |
|
| 95 |
get_randomness(secret, 32); |
| 96 |
*r_response = MyMalloc(65); |
| 97 |
binary_to_hex(secret, *r_response, 32); |
| 98 |
|
| 99 |
length = RSA_size(rsa); |
| 100 |
tmp = MyMalloc(length); |
| 101 |
ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING); |
| 102 |
|
| 103 |
*r_challenge = MyMalloc((length << 1) + 1); |
| 104 |
binary_to_hex( tmp, *r_challenge, length); |
| 105 |
(*r_challenge)[length<<1] = 0; |
| 106 |
MyFree(tmp); |
| 107 |
|
| 108 |
if (ret < 0) |
| 109 |
{ |
| 110 |
report_crypto_errors(); |
| 111 |
return -1; |
| 112 |
} |
| 113 |
|
| 114 |
return 0; |
| 115 |
} |
| 116 |
#endif |
