crypto.c (10677B)
1 /* Mixmaster version 3.0 -- (C) 1999 - 2006 Anonymizer Inc. and others. 2 3 Mixmaster may be redistributed and modified under certain conditions. 4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 5 ANY KIND, either express or implied. See the file COPYRIGHT for 6 details. 7 8 Interface to cryptographic library 9 $Id: crypto.c 934 2006-06-24 13:40:39Z rabbi $ */ 10 11 12 #include "mix3.h" 13 #include "crypto.h" 14 #include <assert.h> 15 #include <string.h> 16 #include <time.h> 17 18 #ifdef USE_OPENSSL 19 int digestmem_md5(byte *b, int n, BUFFER *md) 20 { 21 byte m[MD5_DIGEST_LENGTH]; 22 23 MD5(b, n, m); 24 buf_reset(md); 25 buf_append(md, m, MD5_DIGEST_LENGTH); 26 return (0); 27 } 28 29 int digest_md5(BUFFER *b, BUFFER *md) 30 { 31 return (digestmem_md5(b->data, b->length, md)); 32 } 33 34 int isdigest_md5(BUFFER *b, BUFFER *md) 35 { 36 int ret; 37 BUFFER *newmd; 38 39 newmd = buf_new(); 40 digest_md5(b, newmd); 41 ret = buf_eq(md, newmd); 42 buf_free(newmd); 43 return (ret); 44 } 45 46 static int digestmem_sha1(byte *b, int n, BUFFER *md) 47 { 48 byte m[SHA_DIGEST_LENGTH]; 49 50 SHA1(b, n, m); 51 buf_reset(md); 52 buf_append(md, m, SHA_DIGEST_LENGTH); 53 return (0); 54 } 55 56 int digest_sha1(BUFFER *b, BUFFER *md) 57 { 58 return (digestmem_sha1(b->data, b->length, md)); 59 } 60 61 static int digestmem_rmd160(byte *b, int n, BUFFER *md) 62 { 63 byte m[RIPEMD160_DIGEST_LENGTH]; 64 65 RIPEMD160(b, n, m); 66 buf_reset(md); 67 buf_append(md, m, RIPEMD160_DIGEST_LENGTH); 68 return (0); 69 } 70 71 int digest_rmd160(BUFFER *b, BUFFER *md) 72 { 73 return (digestmem_rmd160(b->data, b->length, md)); 74 } 75 76 #define MAX_RSA_MODULUS_LEN 128 77 78 static int read_seckey(BUFFER *buf, SECKEY *key, const byte id[]) 79 { 80 BUFFER *md; 81 int bits; 82 int len, plen; 83 byte *ptr; 84 int err = 0; 85 86 md = buf_new(); 87 bits = buf->data[0] + 256 * buf->data[1]; 88 len = (bits + 7) / 8; 89 plen = (len + 1) / 2; 90 91 /* due to encryption, buffer size is multiple of 8 */ 92 if (3 * len + 5 * plen + 8 < buf->length || 3 * len + 5 * plen > buf->length) 93 return (-1); 94 95 ptr = buf->data + 2; 96 97 key->n = BN_bin2bn(ptr, len, NULL); 98 buf_append(md, ptr, len); 99 ptr += len; 100 101 key->e = BN_bin2bn(ptr, len, NULL); 102 buf_append(md, ptr, len); 103 ptr += len; 104 105 key->d = BN_bin2bn(ptr, len, NULL); 106 ptr += len; 107 108 key->p = BN_bin2bn(ptr, plen, NULL); 109 ptr += plen; 110 111 key->q = BN_bin2bn(ptr, plen, NULL); 112 ptr += plen; 113 114 key->dmp1 = BN_bin2bn(ptr, plen, NULL); 115 ptr += plen; 116 117 key->dmq1 = BN_bin2bn(ptr, plen, NULL); 118 ptr += plen; 119 120 key->iqmp = BN_bin2bn(ptr, plen, NULL); 121 ptr += plen; 122 123 digest_md5(md, md); 124 if (id) 125 err = (memcmp(id, md->data, 16) == 0) ? 0 : -1; 126 buf_free(md); 127 return (err); 128 } 129 130 static int read_pubkey(BUFFER *buf, PUBKEY *key, const byte id[]) 131 { 132 BUFFER *md; 133 int bits; 134 int len; 135 byte *ptr; 136 int err = 0; 137 138 md = buf_new(); 139 bits = buf->data[0] + 256 * buf->data[1]; 140 len = (bits + 7) / 8; 141 142 if (2 * len + 2 != buf->length) 143 return (-1); 144 145 ptr = buf->data + 2; 146 147 key->n = BN_bin2bn(ptr, len, NULL); 148 buf_append(md, ptr, len); 149 ptr += len; 150 151 key->e = BN_bin2bn(ptr, len, NULL); 152 buf_append(md, ptr, len); 153 ptr += len; 154 155 digest_md5(md, md); 156 if (id) 157 err = (memcmp(id, md->data, 16) == 0) ? 0 : -1; 158 buf_free(md); 159 return (err); 160 } 161 162 static int write_seckey(BUFFER *sk, SECKEY *key, byte keyid[]) 163 { 164 byte l[128]; 165 int n; 166 BUFFER *b, *temp; 167 168 b = buf_new(); 169 temp = buf_new(); 170 171 n = BN_bn2bin(key->n, l); 172 assert(n <= 128); 173 if (n < 128) 174 buf_appendzero(b, 128 - n); 175 buf_append(b, l, n); 176 177 n = BN_bn2bin(key->e, l); 178 assert(n <= 128); 179 if (n < 128) 180 buf_appendzero(b, 128 - n); 181 buf_append(b, l, n); 182 183 digest_md5(b, temp); 184 memcpy(keyid, temp->data, 16); 185 186 buf_appendc(sk, 0); 187 buf_appendc(sk, 4); 188 buf_cat(sk, b); 189 190 n = BN_bn2bin(key->d, l); 191 assert(n <= 128); 192 if (n < 128) 193 buf_appendzero(sk, 128 - n); 194 buf_append(sk, l, n); 195 196 n = BN_bn2bin(key->p, l); 197 assert(n <= 64); 198 if (n < 64) 199 buf_appendzero(sk, 64 - n); 200 buf_append(sk, l, n); 201 202 n = BN_bn2bin(key->q, l); 203 assert(n <= 64); 204 if (n < 64) 205 buf_appendzero(sk, 64 - n); 206 buf_append(sk, l, n); 207 208 n = BN_bn2bin(key->dmp1, l); 209 assert(n <= 64); 210 if (n < 64) 211 buf_appendzero(sk, 64 - n); 212 buf_append(sk, l, n); 213 214 n = BN_bn2bin(key->dmq1, l); 215 assert(n <= 64); 216 if (n < 64) 217 buf_appendzero(sk, 64 - n); 218 buf_append(sk, l, n); 219 220 n = BN_bn2bin(key->iqmp, l); 221 assert(n <= 64); 222 if (n < 64) 223 buf_appendzero(sk, 64 - n); 224 buf_append(sk, l, n); 225 226 buf_pad(sk, 712); /* encrypt needs a block size multiple of 8 */ 227 228 buf_free(temp); 229 buf_free(b); 230 return (0); 231 } 232 233 static int write_pubkey(BUFFER *pk, PUBKEY *key, byte keyid[]) 234 { 235 byte l[128]; 236 int n; 237 238 buf_appendc(pk, 0); 239 buf_appendc(pk, 4); 240 n = BN_bn2bin(key->n, l); 241 assert(n <= 128); 242 if (n < 128) 243 buf_appendzero(pk, 128 - n); 244 buf_append(pk, l, n); 245 n = BN_bn2bin(key->e, l); 246 assert(n <= 128); 247 if (n < 128) 248 buf_appendzero(pk, 128 - n); 249 buf_append(pk, l, n); 250 return (0); 251 } 252 253 int seckeytopub(BUFFER *pub, BUFFER *sec, byte keyid[]) 254 { 255 RSA *k; 256 int err = 0; 257 258 k = RSA_new(); 259 err = read_seckey(sec, k, keyid); 260 if (err == 0) 261 err = write_pubkey(pub, k, keyid); 262 RSA_free(k); 263 return (err); 264 } 265 266 int check_pubkey(BUFFER *buf, const byte id[]) 267 { 268 RSA *tmp; 269 int ret; 270 271 tmp = RSA_new(); 272 ret = read_pubkey(buf, tmp, id); 273 RSA_free(tmp); 274 return (ret); 275 } 276 277 int check_seckey(BUFFER *buf, const byte id[]) 278 { 279 RSA *tmp; 280 int ret; 281 282 tmp = RSA_new(); 283 ret = read_seckey(buf, tmp, id); 284 RSA_free(tmp); 285 return (ret); 286 } 287 288 int v2createkey(void) 289 { 290 RSA *k; 291 BUFFER *b, *ek, *iv; 292 int err; 293 FILE *f; 294 byte keyid[16]; 295 char line[33]; 296 297 b = buf_new(); 298 ek = buf_new(); 299 iv = buf_new(); 300 301 errlog(NOTICE, "Generating RSA key.\n"); 302 k = RSA_generate_key(1024, 65537, NULL, NULL); 303 err = write_seckey(b, k, keyid); 304 RSA_free(k); 305 if (err == 0) { 306 f = mix_openfile(SECRING, "a"); 307 if (f != NULL) { 308 time_t now = time(NULL); 309 struct tm *gt; 310 gt = gmtime(&now); 311 strftime(line, LINELEN, "%Y-%m-%d", gt); 312 fprintf(f, "%s\nCreated: %s\n", begin_key, line); 313 if (KEYLIFETIME) { 314 now += KEYLIFETIME; 315 gt = gmtime(&now); 316 strftime(line, LINELEN, "%Y-%m-%d", gt); 317 fprintf(f, "Expires: %s\n", line); 318 } 319 id_encode(keyid, line); 320 buf_appends(ek, PASSPHRASE); 321 digest_md5(ek, ek); 322 buf_setrnd(iv, 8); 323 buf_crypt(b, ek, iv, ENCRYPT); 324 encode(b, 40); 325 encode(iv, 0); 326 fprintf(f, "%s\n0\n%s\n", line, iv->data); 327 buf_write(b, f); 328 fprintf(f, "%s\n\n", end_key); 329 fclose(f); 330 } else 331 err = -1; 332 } 333 if (err != 0) 334 errlog(ERRORMSG, "Key generation failed.\n"); 335 336 buf_free(b); 337 buf_free(ek); 338 buf_free(iv); 339 return (err); 340 } 341 342 int pk_decrypt(BUFFER *in, BUFFER *keybuf) 343 { 344 int err = 0; 345 BUFFER *out; 346 RSA *key; 347 348 out = buf_new(); 349 key = RSA_new(); 350 read_seckey(keybuf, key, NULL); 351 352 buf_prepare(out, in->length); 353 out->length = RSA_private_decrypt(in->length, in->data, out->data, key, 354 RSA_PKCS1_PADDING); 355 if (out->length == -1) 356 err = -1, out->length = 0; 357 358 RSA_free(key); 359 buf_move(in, out); 360 buf_free(out); 361 return (err); 362 } 363 364 int pk_encrypt(BUFFER *in, BUFFER *keybuf) 365 { 366 BUFFER *out; 367 RSA *key; 368 int err = 0; 369 370 out = buf_new(); 371 key = RSA_new(); 372 read_pubkey(keybuf, key, NULL); 373 374 buf_prepare(out, RSA_size(key)); 375 out->length = RSA_public_encrypt(in->length, in->data, out->data, key, 376 RSA_PKCS1_PADDING); 377 if (out->length == -1) 378 out->length = 0, err = -1; 379 buf_move(in, out); 380 buf_free(out); 381 RSA_free(key); 382 return (err); 383 } 384 int buf_crypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 385 { 386 DES_key_schedule ks1; 387 DES_key_schedule ks2; 388 DES_key_schedule ks3; 389 DES_cblock i; 390 391 assert(enc == ENCRYPT || enc == DECRYPT); 392 assert((key->length == 16 || key->length == 24) && iv->length == 8); 393 assert(buf->length % 8 == 0); 394 395 memcpy(i, iv->data, 8); /* leave iv buffer unchanged */ 396 DES_set_key((const_DES_cblock *) key->data, &ks1); 397 DES_set_key((const_DES_cblock *) (key->data + 8), &ks2); 398 if (key->length == 16) 399 DES_set_key((const_DES_cblock *) key->data, &ks3); 400 else 401 DES_set_key((const_DES_cblock *) (key->data + 16), &ks3); 402 DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3, 403 &i, enc); 404 return (0); 405 } 406 407 int buf_3descrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 408 { 409 int n = 0; 410 DES_key_schedule ks1; 411 DES_key_schedule ks2; 412 DES_key_schedule ks3; 413 414 assert(enc == ENCRYPT || enc == DECRYPT); 415 assert(key->length == 24 && iv->length == 8); 416 417 DES_set_key((const_DES_cblock *) key->data, &ks1); 418 DES_set_key((const_DES_cblock *) (key->data + 8), &ks2); 419 DES_set_key((const_DES_cblock *) (key->data + 16), &ks3); 420 DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3, 421 (DES_cblock *) iv->data, &n, enc); 422 return (0); 423 } 424 425 int buf_bfcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 426 { 427 int n = 0; 428 BF_KEY ks; 429 430 if (key == NULL || key->length == 0) 431 return (-1); 432 433 assert(enc == ENCRYPT || enc == DECRYPT); 434 assert(key->length == 16 && iv->length == 8); 435 BF_set_key(&ks, key->length, key->data); 436 BF_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n, 437 enc == ENCRYPT ? BF_ENCRYPT : BF_DECRYPT); 438 return (0); 439 } 440 441 int buf_castcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 442 { 443 int n = 0; 444 CAST_KEY ks; 445 446 if (key == NULL || key->length == 0) 447 return (-1); 448 449 assert(enc == ENCRYPT || enc == DECRYPT); 450 assert(key->length == 16 && iv->length == 8); 451 CAST_set_key(&ks, 16, key->data); 452 CAST_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n, 453 enc == ENCRYPT ? CAST_ENCRYPT : CAST_DECRYPT); 454 return (0); 455 } 456 457 #ifdef USE_AES 458 int buf_aescrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 459 { 460 int n = 0; 461 AES_KEY ks; 462 463 if (key == NULL || key->length == 0) 464 return (-1); 465 466 assert(enc == ENCRYPT || enc == DECRYPT); 467 assert((key->length == 16 || key->length == 24 || key->length == 32) && iv->length == 16); 468 AES_set_encrypt_key(key->data, key->length<<3, &ks); 469 AES_cfb128_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n, 470 enc == ENCRYPT ? AES_ENCRYPT : AES_DECRYPT); 471 return (0); 472 } 473 #endif /* USE_AES */ 474 475 #ifdef USE_IDEA 476 int buf_ideacrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc) 477 { 478 int n = 0; 479 IDEA_KEY_SCHEDULE ks; 480 481 if (key == NULL || key->length == 0) 482 return (-1); 483 484 assert(enc == ENCRYPT || enc == DECRYPT); 485 assert(key->length == 16 && iv->length == 8); 486 idea_set_encrypt_key(key->data, &ks); 487 idea_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n, 488 enc == ENCRYPT ? IDEA_ENCRYPT : IDEA_DECRYPT); 489 return (0); 490 } 491 #endif /* USE_IDEA */ 492 #endif /* USE_OPENSSL */