* starting to convert gmap.c
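/* This file is part of Netsukuku
 * (c) Copyright 2005 Andrea Lo Pumo aka AlpT <alpt@freaknet.org>
 *
 * This source code is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.
 *
 * This source code is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * Please refer to the GNU Public License for more details.
 *
 * You should have received a copy of the GNU Public License along with
 * this source code; if not, write to:
 * Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 * --
 * crypto.c:
 * front end to the OpenSSL cryptographic functions
 */

#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/crypto.h>
#include <openssl/md5.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>

#include "crypto.h"

#include "log.h"
#include "xmalloc.h"

/*
 * init_crypto
 * -----------
 *
 * Seeds the OpenSSL PRNG with 1024 bytes read from /dev/urandom and loads
 * the libcrypto error strings used by {-ssl_strerr-}.
 * A short or failed read is only logged: the function has no way to report
 * it to the caller.
 */
void init_crypto(void)
{
	int seeded;

	/* RAND_load_file() returns the number of bytes read, or -1 on error */
	seeded=RAND_load_file("/dev/urandom", 1024);
	if(seeded != 1024)
		debug(DBG_SOFT, "RAND_load_file(/dev/urandom) returned %d "
				"instead of 1024", seeded);

	ERR_load_crypto_strings();
}

/*
 * free_crypto
 * -----------
 *
 * Releases the error strings loaded by {-init_crypto-}.
 */
void free_crypto(void)
{
	ERR_free_strings();
}

/*
 * ssl_strerr
 * ----------
 *
 * Pops the earliest error from the OpenSSL error queue and returns its
 * textual description.
 * The string lives in a static buffer owned by OpenSSL (a NULL buffer is
 * passed to ERR_error_string()): do not free it, and do not rely on it
 * after another call or from concurrent threads.
 */
char *ssl_strerr(void)
{
	return ERR_error_string(ERR_get_error(), NULL);
}

/*
 * crypto_pack_pubkey
 * ------------------
 *
 * Packs the RSA public key `pkey', and saves the result in a newly allocated
 * space. The pointer to that space is saved in `*pub'.
 * If `pub_len' is not NULL, the size of the pack will be saved in `*pub_len'
 * (0 on error).
 *
 * The space is allocated by OpenSSL (i2d_RSAPublicKey() is called with
 * `*pub' set to NULL), therefore it has to be released with OPENSSL_free().
 *
 * It returns -1 on error, otherwise 0.
 */
int crypto_pack_pubkey(RSA *pkey, u_char **pub, u_int *pub_len)
{
	int len;	/* signed: i2d_* reports errors with a negative value */

	if(!pub)
		return -1;

	*pub=0;
	if(pub_len)
		*pub_len=0;

	len=i2d_RSAPublicKey(pkey, pub);
	if(len <= 0) {
		debug(DBG_SOFT, "Cannot dump RSA public key: %s", ssl_strerr());
		return -1;
	}

	if(pub_len)
		*pub_len=(u_int)len;

	return 0;
}

/*
 * crypto_pack_privkey
 * ------------------
 *
 * The same of {-crypto_pack_pubkey-}, but for private key only.
 *
 * The pack is the unencrypted DER encoding of the private key: the caller
 * should wipe it (f.e. with OPENSSL_cleanse()) before releasing it with
 * OPENSSL_free().
 */
int crypto_pack_privkey(RSA *pkey, u_char **priv, u_int *priv_len)
{
	int len;	/* signed: i2d_* reports errors with a negative value */

	if(!priv)
		return -1;

	*priv=0;
	if(priv_len)
		*priv_len=0;

	len=i2d_RSAPrivateKey(pkey, priv);
	if(len <= 0) {
		debug(DBG_SOFT, "Cannot dump RSA private key: %s", ssl_strerr());
		return -1;
	}

	if(priv_len)
		*priv_len=(u_int)len;

	return 0;
}

/*
 * genrsa
 * ------
 *
 * Generates a new rsa key pair and returns the private key in the RSA
 * format. If `pub' is not null, it stores in it the pointer to a newly
 * allocated dump of the public key that is `*pub_len' bytes. The same is for
 * `priv' and `priv_len'.
 * On error null is returned; a private key dump that was already created
 * is wiped and released, and `*priv' is set to null.
 *
 * `key_bits' is passed to OpenSSL as it is: no minimum key size is enforced
 * here, the caller is responsible for choosing an adequate one.
 *
 * NOTE(review): RSA_generate_key() is deprecated in favour of
 * RSA_generate_key_ex() since OpenSSL 0.9.8.
 */
RSA *genrsa(int key_bits, u_char **pub, u_int *pub_len, u_char **priv, u_int *priv_len)
{
	RSA *rsa=0;
	u_int packed_priv_len=0;
	int priv_packed=0, ret;

	rsa=RSA_generate_key(key_bits, RSA_F4, NULL, NULL);
	if (!rsa) {
		debug(DBG_SOFT, "RSA key generation failed");
		goto error;
	}

	if(priv) {
		ret=crypto_pack_privkey(rsa, priv, &packed_priv_len);
		if(priv_len)
			*priv_len=packed_priv_len;
		if(ret)
			goto error;
		priv_packed=1;
	}

	if(pub) {
		if(crypto_pack_pubkey(rsa, pub, pub_len))
			goto error;
	}

	return rsa;

error:
	if(priv_packed) {
		/* Do not leave (or leak) a copy of the private key behind */
		OPENSSL_cleanse(*priv, packed_priv_len);
		OPENSSL_free(*priv);
		*priv=0;
		if(priv_len)
			*priv_len=0;
	}
	if(rsa)
		RSA_free(rsa);
	return 0;
}

/*
 * get_rsa_pub
 *
 * Converts a dump of a rsa pub key to a RSA structure, which is returned.
 * Remember to RSA_free() the returned key.
 *
 * Null is returned if the arguments are invalid or if the dump cannot be
 * parsed. `length' must not exceed the real size of the buffer.
 * On success d2i_RSAPublicKey() advances `*pub_key' past the parsed bytes:
 * pass a copy of the pointer if the original one is still needed.
 */
RSA *get_rsa_pub(const u_char **pub_key, long length)
{
	if(!pub_key || !*pub_key || length <= 0)
		return 0;

	return d2i_RSAPublicKey(NULL, pub_key, length);
}

/*
 * get_rsa_priv
 *
 * Converts a dump of a rsa priv key to a RSA structure, which is returned.
 * Remember to RSA_free() the returned key.
 *
 * Null is returned if the arguments are invalid or if the dump cannot be
 * parsed. `length' must not exceed the real size of the buffer.
 * On success d2i_RSAPrivateKey() advances `*priv_key' past the parsed bytes:
 * pass a copy of the pointer if the original one is still needed.
 */
RSA *get_rsa_priv(const u_char **priv_key, long length)
{
	if(!priv_key || !*priv_key || length <= 0)
		return 0;

	return d2i_RSAPrivateKey(NULL, priv_key, length);
}

/*
 * hash_sha1: computes the SHA1 digest of the `m_len' bytes of `msg' and
 * stores it in `hash', which must be at least SHA_DIGEST_LENGTH bytes.
 * The pointer to the digest is returned.
 * If `hash' is null, the digest is stored in a static buffer of OpenSSL,
 * which is overwritten by the next call and is not thread safe.
 *
 * NOTE(review): SHA1 is no longer collision resistant.
 */
u_char *hash_sha1(u_char *msg, u_int m_len, u_char *hash)
{
	return SHA1(msg, m_len, hash);
}

/*
 * hash_md5: the same of {-hash_sha1-}, but it computes the MD5 digest;
 * `hash' must be at least MD5_DIGEST_LENGTH bytes.
 *
 * NOTE(review): MD5 is not collision resistant, do not use it where the
 * hashed data may be chosen by an untrusted party.
 */
u_char *hash_md5(u_char *msg, u_int m_len, u_char *hash)
{
	return MD5(msg, m_len, hash);
}

/*
 * rsa_sign: It signs the given message `msg' and returns its newly allocated
 * signature. In `siglen' it stores the signature's length (0 on error).
 * The signature is computed with RSA_sign() over the SHA1 digest of `msg'
 * and it is allocated with xmalloc().
 * On error null is returned.
 */
u_char *rsa_sign(u_char *msg, u_int m_len, RSA *priv, u_int *siglen)
{
	u_char digest[SHA_DIGEST_LENGTH];
	u_char *signature;
	u_int len=0;
	int ret;

	if(siglen)
		*siglen=0;

	if(!priv)
		return 0;

	ret=RSA_size(priv);
	if(ret <= 0)
		return 0;

	signature=(u_char *)xmalloc(ret);

	/* A local buffer is used, instead of the static one of SHA1() */
	hash_sha1(msg, m_len, digest);

	ret=RSA_sign(NID_sha1, digest, SHA_DIGEST_LENGTH, signature, &len, priv);
	if(ret != 1) {
		debug(DBG_SOFT, "Cannot sign the message: %s", ssl_strerr());
		/* xfree() is the xmalloc.h counterpart of xmalloc() */
		xfree(signature);
		return 0;
	}

	if(siglen)
		*siglen=len;

	return signature;
}

/*
 * verify_sign: verifies the rsa `signature' of `msg'.
 * It returns 1 if the signature is valid, otherwise 0 is returned.
 * Any result of RSA_verify() different from 1 is considered a failure.
 */
int verify_sign(u_char *msg, u_int m_len, u_char *signature, u_int siglen, RSA *pub)
{
	u_char digest[SHA_DIGEST_LENGTH];

	if(!signature || !pub)
		return 0;

	/* A local buffer is used, instead of the static one of SHA1() */
	hash_sha1(msg, m_len, digest);

	return RSA_verify(NID_sha1, digest, SHA_DIGEST_LENGTH,
			signature, siglen, pub) == 1;
}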