* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file crypt.c openssl-based RSA encryption/decryption routines */
+/** \file crypt.c Openssl-based encryption/decryption routines. */
#include <regex.h>
#include <dirent.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/rc4.h>
+#include <openssl/pem.h>
#include "para.h"
#include "error.h"
#include "string.h"
#include "crypt.h"
#include "fd.h"
+
+struct asymmetric_key {
+ RSA *rsa;
+};
+
/**
* Fill a buffer with random content.
*
}
/**
- * read an RSA key from a file
+ * Read an asymmetric key from a file.
*
- * \param key_file the file containing the key
- * \param rsa RSA structure is returned here
- * \param private if non-zero, read the private key, otherwise the public key
+ * \param key_file The file containing the key.
+ * \param private if non-zero, read the private key, otherwise the public key.
+ * \param result The key structure is returned here.
*
- * \return The size of the RSA key on success, negative on errors.
+ * \return The size of the key on success, negative on errors.
*
* \sa openssl(1), rsa(1).
*/
-int get_rsa_key(char *key_file, RSA **rsa, int private)
+int get_asymmetric_key(const char *key_file, int private,
+ struct asymmetric_key **result)
{
- EVP_PKEY *key = load_key(key_file, private);
+ struct asymmetric_key *key;
+ RSA *rsa;
+ EVP_PKEY *pkey = load_key(key_file, private);
- if (!key)
+ if (!pkey)
return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY
: -E_PUBLIC_KEY;
- *rsa = EVP_PKEY_get1_RSA(key);
- EVP_PKEY_free(key);
- if (!*rsa)
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ if (!rsa)
return -E_RSA;
- return RSA_size(*rsa);
+ key = para_malloc(sizeof(*key));
+ key->rsa = rsa;
+ *result = key;
+ return RSA_size(rsa);
}
/**
- * free an RSA structure
+ * Deallocate an asymmetric key structure.
*
- * \param rsa pointer to the RSA struct to free
+ * \param key Pointer to the key structure to free.
*
- * This must be called for any key obtained by get_rsa_key().
+ * This must be called for any key obtained by get_asymmetric_key().
*/
-void rsa_free(RSA *rsa)
+void free_asymmetric_key(struct asymmetric_key *key)
{
- if (rsa)
- RSA_free(rsa);
+ if (!key)
+ return;
+ RSA_free(key->rsa);
+ free(key);
}
/**
- * decrypt a buffer using an RSA key
+ * Decrypt a buffer using a private key.
*
- * \param key_file full path of the rsa key
- * \param outbuf the output buffer
- * \param inbuf the encrypted input buffer
- * \param rsa_inlen the length of \a inbuf
+ * \param key_file Full path of the key.
+ * \param outbuf The output buffer.
+ * \param inbuf The encrypted input buffer.
+ * \param inlen The length of \a inbuf in bytes.
*
* The \a outbuf must be large enough to hold at least \a rsa_inlen bytes.
*
*
* \sa RSA_private_decrypt(3)
**/
-int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
- unsigned rsa_inlen)
+int priv_decrypt(const char *key_file, unsigned char *outbuf,
+ unsigned char *inbuf, int inlen)
{
- RSA *rsa;
- int ret, inlen = rsa_inlen;
+ struct asymmetric_key *priv;
+ int ret;
if (inlen < 0)
return -E_RSA;
- ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
+ ret = get_asymmetric_key(key_file, LOAD_PRIVATE_KEY, &priv);
if (ret < 0)
return ret;
/*
* factor to protect against this kind of attack.
*/
ret = -E_BLINDING;
- if (RSA_blinding_on(rsa, NULL) == 0)
+ if (RSA_blinding_on(priv->rsa, NULL) == 0)
goto out;
- ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING);
- RSA_blinding_off(rsa);
+ ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa,
+ RSA_PKCS1_OAEP_PADDING);
+ RSA_blinding_off(priv->rsa);
if (ret <= 0)
ret = -E_DECRYPT;
out:
- rsa_free(rsa);
+ free_asymmetric_key(priv);
return ret;
}
/**
- * encrypt a buffer using an RSA key
+ * Encrypt a buffer using an RSA key
*
- * \param rsa: public rsa key
- * \param inbuf the input buffer
- * \param len the length of \a inbuf
- * \param outbuf the output buffer
+ * \param pub: The public key.
+ * \param inbuf The input buffer.
+ * \param len The length of \a inbuf.
+ * \param outbuf The output buffer.
*
- * \return The size of the encrypted data on success, negative on errors
+ * \return The size of the encrypted data on success, negative on errors.
*
* \sa RSA_public_encrypt(3)
*/
-int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf,
+int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf)
{
int ret, flen = len; /* RSA_public_encrypt expects a signed int */
if (flen < 0)
return -E_ENCRYPT;
- ret = RSA_public_encrypt(flen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING);
+ ret = RSA_public_encrypt(flen, inbuf, outbuf, pub->rsa,
+ RSA_PKCS1_OAEP_PADDING);
return ret < 0? -E_ENCRYPT : ret;
}
* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file crypt.h prototypes for the RSA crypt functions */
+/** \file crypt.h Prototypes for paraslash crypto functions. */
-#include <openssl/pem.h>
-int para_encrypt_buffer(RSA* rsa, unsigned char *inbuf, unsigned len,
- unsigned char *outbuf);
-int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
- unsigned rsa_inlen);
-int get_rsa_key(char *key_file, RSA **rsa, int private);
+/** Opaque structure for public and private keys. */
+struct asymmetric_key;
+
+int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+ unsigned len, unsigned char *outbuf);
+int priv_decrypt(const char *key_file, unsigned char *outbuf,
+ unsigned char *inbuf, int inlen);
+int get_asymmetric_key(const char *key_file, int private,
+ struct asymmetric_key **result);
+void free_asymmetric_key(struct asymmetric_key *key);
-void rsa_free(RSA *rsa);
void get_random_bytes_or_die(unsigned char *buf, int num);
void init_random_seed_or_die(void);
/* keyword, name, key, perms */
char w[255], n[255], k[255], p[255], tmp[4][255];
struct user *u;
- RSA *rsa;
+ struct asymmetric_key *pubkey;
ret = para_fgets(line, sizeof(line), file_ptr);
if (ret <= 0)
if (strcmp(w, "user"))
continue;
PARA_DEBUG_LOG("found entry for user %s\n", n);
- ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+ ret = get_asymmetric_key(k, LOAD_PUBLIC_KEY, &pubkey);
if (ret < 0) {
PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
para_strerror(-ret));
* which are too short. For details see RSA_public_encrypt(3).
*/
if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
- PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+ PARA_WARNING_LOG("public key %s too short (%d)\n",
k, ret);
- rsa_free(rsa);
+ free_asymmetric_key(pubkey);
continue;
}
u = para_malloc(sizeof(*u));
u->name = para_strdup(n);
- u->rsa = rsa;
+ u->pubkey = pubkey;
u->perms = 0;
num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
tmp[0], tmp[1], tmp[2], tmp[3]);
list_for_each_entry_safe(u, tmp, &user_list, node) {
list_del(&u->node);
free(u->name);
- rsa_free(u->rsa);
+ free_asymmetric_key(u->pubkey);
free(u);
}
} else
projects / paraslash.git / commitdiff