VirtualBox

source: vbox/trunk/src/VBox/RDP/client/ssl.c@ 47918

Last change on this file since 47918 was 37224, checked in by vboxsync, 14 years ago

RDP/client: fix OSE

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 5.7 KB
Line 
1/* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 Secure sockets abstraction layer
4 Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
5 Copyright (C) Jay Sorg <j@american-data.com> 2006-2008
6
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21/*
22 * Oracle GPL Disclaimer: For the avoidance of doubt, except that if any license choice
23 * other than GPL or LGPL is available it will apply instead, Oracle elects to use only
24 * the General Public License version 2 (GPLv2) at this time for any software where
25 * a choice of GPL license versions is made available with the language indicating
26 * that GPLv2 or any later version may be used, or where a choice of which version
27 * of the GPL is applied is otherwise unspecified.
28 */
29
30#include "rdesktop.h"
31#include "ssl.h"
32
33void
34ssl_sha1_init(SSL_SHA1 * sha1)
35{
36 SHA1_Init(sha1);
37}
38
39void
40ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
41{
42 SHA1_Update(sha1, data, len);
43}
44
45void
46ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
47{
48 SHA1_Final(out_data, sha1);
49}
50
51void
52ssl_md5_init(SSL_MD5 * md5)
53{
54 MD5_Init(md5);
55}
56
57void
58ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
59{
60 MD5_Update(md5, data, len);
61}
62
63void
64ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
65{
66 MD5_Final(out_data, md5);
67}
68
69void
70ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
71{
72 RC4_set_key(rc4, len, key);
73}
74
75void
76ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
77{
78 RC4(rc4, len, in_data, out_data);
79}
80
81static void
82reverse(uint8 * p, int len)
83{
84 int i, j;
85 uint8 temp;
86
87 for (i = 0, j = len - 1; i < j; i++, j--)
88 {
89 temp = p[i];
90 p[i] = p[j];
91 p[j] = temp;
92 }
93}
94
95void
96ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
97 uint8 * exponent)
98{
99 BN_CTX *ctx;
100 BIGNUM mod, exp, x, y;
101 uint8 inr[SEC_MAX_MODULUS_SIZE];
102 int outlen;
103
104 reverse(modulus, modulus_size);
105 reverse(exponent, SEC_EXPONENT_SIZE);
106 memcpy(inr, in, len);
107 reverse(inr, len);
108
109 ctx = BN_CTX_new();
110 BN_init(&mod);
111 BN_init(&exp);
112 BN_init(&x);
113 BN_init(&y);
114
115 BN_bin2bn(modulus, modulus_size, &mod);
116 BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
117 BN_bin2bn(inr, len, &x);
118 BN_mod_exp(&y, &x, &exp, &mod, ctx);
119 outlen = BN_bn2bin(&y, out);
120 reverse(out, outlen);
121 if (outlen < (int) modulus_size)
122 memset(out + outlen, 0, modulus_size - outlen);
123
124 BN_free(&y);
125 BN_clear_free(&x);
126 BN_free(&exp);
127 BN_free(&mod);
128 BN_CTX_free(ctx);
129}
130
131/* returns newly allocated SSL_CERT or NULL */
132SSL_CERT *
133ssl_cert_read(uint8 * data, uint32 len)
134{
135 /* this will move the data pointer but we don't care, we don't use it again */
136 return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
137}
138
139void
140ssl_cert_free(SSL_CERT * cert)
141{
142 X509_free(cert);
143}
144
145/* returns newly allocated SSL_RKEY or NULL */
146SSL_RKEY *
147ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
148{
149 EVP_PKEY *epk = NULL;
150 SSL_RKEY *lkey;
151 int nid;
152
153 /* By some reason, Microsoft sets the OID of the Public RSA key to
154 the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
155
156 Kudos to Richard Levitte for the following (. intiutive .)
157 lines of code that resets the OID and let's us extract the key. */
158 nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
159 if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
160 {
161 DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
162 ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
163 cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
164 }
165 epk = X509_get_pubkey(cert);
166 if (NULL == epk)
167 {
168 error("Failed to extract public key from certificate\n");
169 return NULL;
170 }
171
172 lkey = RSAPublicKey_dup(EVP_PKEY_get1_RSA(epk));
173 EVP_PKEY_free(epk);
174 *key_len = RSA_size(lkey);
175 return lkey;
176}
177
178/* returns boolean */
179RD_BOOL
180ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
181{
182 /* Currently, we don't use the CA Certificate.
183 FIXME:
184 *) Verify the server certificate (server_cert) with the
185 CA certificate.
186 *) Store the CA Certificate with the hostname of the
187 server we are connecting to as key, and compare it
188 when we connect the next time, in order to prevent
189 MITM-attacks.
190 */
191 return True;
192}
193
194int
195ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
196{
197 return X509_print_fp(fp, cert);
198}
199
200void
201ssl_rkey_free(SSL_RKEY * rkey)
202{
203 RSA_free(rkey);
204}
205
206/* returns error */
207int
208ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
209 uint32 max_mod_len)
210{
211 int len;
212
213 if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
214 (BN_num_bytes(rkey->n) > (int) max_mod_len))
215 {
216 return 1;
217 }
218 len = BN_bn2bin(rkey->e, exponent);
219 reverse(exponent, len);
220 len = BN_bn2bin(rkey->n, modulus);
221 reverse(modulus, len);
222 return 0;
223}
224
225/* returns boolean */
226RD_BOOL
227ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
228 uint8 * signature, uint32 sig_len)
229{
230 /* Currently, we don't check the signature
231 FIXME:
232 */
233 return True;
234}
235
236
237void
238ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md)
239{
240 HMAC_CTX ctx;
241 HMAC_CTX_init(&ctx);
242 HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
243 HMAC_CTX_cleanup(&ctx);
244}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette