[secnet] / rsa.c

#include <stdio.h>
#include <gmp.h>
#include "secnet.h"
#include "util.h"

#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"

struct rsapriv {
    closure_t cl;
    struct rsaprivkey_if ops;
    struct cloc loc;
    MP_INT d;
    MP_INT n;
};
struct rsapub {
    closure_t cl;
    struct rsapubkey_if ops;
    struct cloc loc;
    MP_INT e;
    MP_INT n;
};
/* Sign data. NB data must be smaller than modulus */

static char *hexchars="0123456789abcdef";

static string_t rsa_sign(void *sst, uint8_t *data, uint32_t datalen)
{
    struct rsapriv *st=sst;
    MP_INT a, b;
    char buff[2048];
    int msize, i;
    string_t signature;

    mpz_init(&a);
    mpz_init(&b);

    msize=mpz_sizeinbase(&st->n, 16);

    if (datalen*2+4>=msize) {
	fatal("rsa_sign: message too big");
    }

    strcpy(buff,"0001");

    for (i=0; i<datalen; i++) {
	buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
	buff[5+i*2]=hexchars[data[i]&0xf];
    }
    buff[4+datalen*2]=0;
    
    for (i=datalen*2+4; i<msize; i++)
	buff[i]='f';

    buff[msize]=0;

    mpz_set_str(&a, buff, 16);

    mpz_powm(&b, &a, &st->d, &st->n);

    signature=write_mpstring(&b);

    mpz_clear(&b);
    mpz_clear(&a);
    return signature;
}

static bool_t rsa_sig_check(void *sst, uint8_t *data, uint32_t datalen,
			    string_t signature)
{
    struct rsapub *st=sst;
    MP_INT a, b, c;
    char buff[2048];
    int msize, i;
    bool_t ok;

    mpz_init(&a);
    mpz_init(&b);
    mpz_init(&c);

    msize=mpz_sizeinbase(&st->n, 16);

    strcpy(buff,"0001");

    for (i=0; i<datalen; i++) {
	buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
	buff[5+i*2]=hexchars[data[i]&0xf];
    }
    buff[4+datalen*2]=0;

    for (i=datalen*2+4; i<msize; i++)
	buff[i]='f';

    buff[msize]=0;

    mpz_set_str(&a, buff, 16);

    mpz_set_str(&b, signature, 16);

    mpz_powm(&c, &b, &st->e, &st->n);

    ok=(mpz_cmp(&a, &c)==0);

    mpz_clear(&c);
    mpz_clear(&b);
    mpz_clear(&a);

    return ok;
}

static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
			    list_t *args)
{
    struct rsapub *st;
    item_t *i;
    string_t e,n;

    st=safe_malloc(sizeof(*st),"rsapub_apply");
    st->cl.description="rsapub";
    st->cl.type=CL_RSAPUBKEY;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;
    st->ops.st=st;
    st->ops.check=rsa_sig_check;
    st->loc=loc;

    i=list_elem(args,0);
    if (i) {
	if (i->type!=t_string) {
	    cfgfatal(i->loc,"rsa-public","first argument must be a string");
	}
	e=i->data.string;
	if (mpz_init_set_str(&st->e,e,10)!=0) {
	    cfgfatal(i->loc,"rsa-public","encryption key \"%s\" is not a "
		     "decimal number string\n",e);
	}
    } else {
	cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
    }
    
    i=list_elem(args,1);
    if (i) {
	if (i->type!=t_string) {
	    cfgfatal(i->loc,"rsa-public","second argument must be a string");
	}
	n=i->data.string;
	if (mpz_init_set_str(&st->n,n,10)!=0) {
	    cfgfatal(i->loc,"rsa-public","modulus \"%s\" is not a decimal "
		     "number string\n",n);
	}
    } else {
	cfgfatal(loc,"rsa-public","you must provide a modulus\n");
    }
    return new_closure(&st->cl);
}

static uint32_t keyfile_get_int(struct cloc loc, FILE *f)
{
    uint32_t r;
    r=fgetc(f)<<24;
    r|=fgetc(f)<<16;
    r|=fgetc(f)<<8;
    r|=fgetc(f);
    cfgfile_postreadcheck(loc,f);
    return r;
}

static uint16_t keyfile_get_short(struct cloc loc, FILE *f)
{
    uint16_t r;
    r=fgetc(f)<<8;
    r|=fgetc(f);
    cfgfile_postreadcheck(loc,f);
    return r;
}

static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
			     list_t *args)
{
    struct rsapriv *st;
    FILE *f;
    string_t filename;
    item_t *i;
    long length;
    uint8_t *b, *c;
    int cipher_type;
    MP_INT e,sig,plain,check;

    st=safe_malloc(sizeof(*st),"rsapriv_apply");
    st->cl.description="rsapriv";
    st->cl.type=CL_RSAPRIVKEY;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;
    st->ops.st=st;
    st->ops.sign=rsa_sign;
    st->loc=loc;

    /* Argument is filename pointing to SSH1 private key file */
    i=list_elem(args,0);
    if (i) {
	if (i->type!=t_string) {
	    cfgfatal(i->loc,"rsa-public","first argument must be a string");
	}
	filename=i->data.string;
    } else {
	filename=""; /* Make compiler happy */
	cfgfatal(loc,"rsa-private","you must provide a filename\n");
    }

    f=fopen(filename,"rb");
    if (!f) {
	if (just_check_config) {
	    Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
		    "\"%s\"; assuming it's valid while we check the "
		    "rest of the configuration\n",loc.file,loc.line,filename);
	    goto assume_valid;
	} else {
	    fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
			 loc.file,loc.line,filename);
	}
    }

    /* Check that the ID string is correct */
    length=strlen(AUTHFILE_ID_STRING)+1;
    b=safe_malloc(length,"rsapriv_apply");
    if (fread(b,length,1,f)!=1 || memcmp(b,AUTHFILE_ID_STRING,length)!=0) {
	cfgfatal_maybefile(f,loc,"rsa-private","failed to read magic ID"
			   " string from SSH1 private keyfile \"%s\"\n",
			   filename);
    }
    free(b);

    cipher_type=fgetc(f);
    keyfile_get_int(loc,f); /* "Reserved data" */
    if (cipher_type != 0) {
	cfgfatal(loc,"rsa-private","we don't support encrypted keyfiles\n");
    }

    /* Read the public key */
    keyfile_get_int(loc,f); /* Not sure what this is */
    length=(keyfile_get_short(loc,f)+7)/8;
    if (length>1024) {
	cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
		 length);
    }
    b=safe_malloc(length,"rsapriv_apply");
    if (fread(b,length,1,f) != 1) {
	cfgfatal_maybefile(f,loc,"rsa-private","error reading modulus");
    }
    mpz_init(&st->n);
    read_mpbin(&st->n,b,length);
    free(b);
    length=(keyfile_get_short(loc,f)+7)/8;
    if (length>1024) {
	cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
    }
    b=safe_malloc(length,"rsapriv_apply");
    if (fread(b,length,1,f)!=1) {
	cfgfatal_maybefile(f,loc,"rsa-private","error reading e\n");
    }
    mpz_init(&e);
    read_mpbin(&e,b,length);
    free(b);
    
    length=keyfile_get_int(loc,f);
    if (length>1024) {
	cfgfatal(loc,"rsa-private","implausibly long (%ld) key comment\n",
		 length);
    }
    c=safe_malloc(length+1,"rsapriv_apply");
    if (fread(c,length,1,f)!=1) {
	cfgfatal_maybefile(f,loc,"rsa-private","error reading key comment\n");
    }
    c[length]=0;

    /* Check that the next two pairs of characters are identical - the
       keyfile is not encrypted, so they should be */

    if (keyfile_get_short(loc,f) != keyfile_get_short(loc,f)) {
	cfgfatal(loc,"rsa-private","corrupt keyfile\n");
    }

    /* Read d */
    length=(keyfile_get_short(loc,f)+7)/8;
    if (length>1024) {
	cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
		 length);
    }
    b=safe_malloc(length,"rsapriv_apply");
    if (fread(b,length,1,f)!=1) {
	cfgfatal_maybefile(f,loc,"rsa-private",
			   "error reading decryption key\n");
    }
    mpz_init(&st->d);
    read_mpbin(&st->d,b,length);
    free(b);
    
    if (fclose(f)!=0) {
	fatal_perror("rsa-private (%s:%d): fclose",loc.file,loc.line);
    }

    /* Now do trial signature/check to make sure it's a real keypair:
       sign the comment string! */
    i=list_elem(args,1);
    if (i && i->type==t_bool && i->data.bool==False) {
	Message(M_INFO,"rsa-private (%s:%d): skipping RSA key validity "
		"check\n",loc.file,loc.line);
    } else {
	mpz_init(&sig);
	mpz_init(&plain);
	mpz_init(&check);
	read_mpbin(&plain,c,strlen(c));
	mpz_powm(&sig, &plain, &st->d, &st->n);
	mpz_powm(&check, &sig, &e, &st->n);
	if (mpz_cmp(&plain,&check)!=0) {
	    cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
		     "valid RSA key!\n",filename);
	}
	mpz_clear(&sig);
	mpz_clear(&plain);
	mpz_clear(&check);
    }

    free(c);
    mpz_clear(&e);

assume_valid:
    return new_closure(&st->cl);
}

init_module rsa_module;
void rsa_module(dict_t *dict)
{
    add_closure(dict,"rsa-private",rsapriv_apply);
    add_closure(dict,"rsa-public",rsapub_apply);
}
Commit	Line	Data
2fe58dfd SE	1	#include <stdio.h>
	2	#include <gmp.h>
	3	#include "secnet.h"
	4	#include "util.h"
	5
	6	#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
	7
	8	struct rsapriv {
	9	closure_t cl;
	10	struct rsaprivkey_if ops;
	11	struct cloc loc;
	12	MP_INT d;
	13	MP_INT n;
	14	};
	15	struct rsapub {
	16	closure_t cl;
	17	struct rsapubkey_if ops;
	18	struct cloc loc;
	19	MP_INT e;
	20	MP_INT n;
	21	};
	22	/* Sign data. NB data must be smaller than modulus */
	23
	24	static char *hexchars="0123456789abcdef";
	25
	26	static string_t rsa_sign(void sst, uint8_t data, uint32_t datalen)
	27	{
	28	struct rsapriv *st=sst;
	29	MP_INT a, b;
	30	char buff[2048];
	31	int msize, i;
	32	string_t signature;
	33
	34	mpz_init(&a);
	35	mpz_init(&b);
	36
	37	msize=mpz_sizeinbase(&st->n, 16);
	38
3454dce4	39	if (datalen*2+4>=msize) {
4f5e39ec	40	fatal("rsa_sign: message too big");
3454dce4 SE	41	}
3454dce4 SE	42
2fe58dfd SE	43	strcpy(buff,"0001");
	44
	45	for (i=0; i<datalen; i++) {
	46	buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
	47	buff[5+i*2]=hexchars[data[i]&0xf];
	48	}
	49	buff[4+datalen*2]=0;
3454dce4	50
2fe58dfd SE	51	for (i=datalen*2+4; i<msize; i++)
	52	buff[i]='f';
	53
	54	buff[msize]=0;
	55
	56	mpz_set_str(&a, buff, 16);
	57
	58	mpz_powm(&b, &a, &st->d, &st->n);
	59
	60	signature=write_mpstring(&b);
	61
	62	mpz_clear(&b);
	63	mpz_clear(&a);
	64	return signature;
	65	}
	66
	67	static bool_t rsa_sig_check(void sst, uint8_t data, uint32_t datalen,
	68	string_t signature)
	69	{
	70	struct rsapub *st=sst;
	71	MP_INT a, b, c;
	72	char buff[2048];
	73	int msize, i;
	74	bool_t ok;
	75
	76	mpz_init(&a);
	77	mpz_init(&b);
	78	mpz_init(&c);
	79
	80	msize=mpz_sizeinbase(&st->n, 16);
	81
	82	strcpy(buff,"0001");
	83
	84	for (i=0; i<datalen; i++) {
	85	buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
	86	buff[5+i*2]=hexchars[data[i]&0xf];
	87	}
	88	buff[4+datalen*2]=0;
	89
	90	for (i=datalen*2+4; i<msize; i++)
	91	buff[i]='f';
	92
	93	buff[msize]=0;
	94
	95	mpz_set_str(&a, buff, 16);
	96
	97	mpz_set_str(&b, signature, 16);
	98
	99	mpz_powm(&c, &b, &st->e, &st->n);
	100
	101	ok=(mpz_cmp(&a, &c)==0);
	102
	103	mpz_clear(&c);
	104	mpz_clear(&b);
	105	mpz_clear(&a);
	106
	107	return ok;
	108	}
	109
	110	static list_t rsapub_apply(closure_t self, struct cloc loc, dict_t *context,
	111	list_t *args)
	112	{
	113	struct rsapub *st;
	114	item_t *i;
115	string_t e,n;
116
117	st=safe_malloc(sizeof(*st),"rsapub_apply");
118	st->cl.description="rsapub";
119	st->cl.type=CL_RSAPUBKEY;
120	st->cl.apply=NULL;
121	st->cl.interface=&st->ops;
122	st->ops.st=st;
123	st->ops.check=rsa_sig_check;
124	st->loc=loc;
125
126	i=list_elem(args,0);
127	if (i) {
128	if (i->type!=t_string) {
129	cfgfatal(i->loc,"rsa-public","first argument must be a string");
130	}
131	e=i->data.string;
132	if (mpz_init_set_str(&st->e,e,10)!=0) {
133	cfgfatal(i->loc,"rsa-public","encryption key \"%s\" is not a "
134	"decimal number string\n",e);
135	}
136	} else {
137	cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
138	}
139
140	i=list_elem(args,1);
141	if (i) {
142	if (i->type!=t_string) {
143	cfgfatal(i->loc,"rsa-public","second argument must be a string");
144	}
145	n=i->data.string;
146	if (mpz_init_set_str(&st->n,n,10)!=0) {
147	cfgfatal(i->loc,"rsa-public","modulus \"%s\" is not a decimal "
148	"number string\n",n);
149	}
150	} else {
151	cfgfatal(loc,"rsa-public","you must provide a modulus\n");
152	}
153	return new_closure(&st->cl);
154	}
155
4f5e39ec	156	static uint32_t keyfile_get_int(struct cloc loc, FILE *f)
2fe58dfd SE	157	{
	158	uint32_t r;
	159	r=fgetc(f)<<24;
	160	r\|=fgetc(f)<<16;
	161	r\|=fgetc(f)<<8;
	162	r\|=fgetc(f);
4f5e39ec	163	cfgfile_postreadcheck(loc,f);
2fe58dfd SE	164	return r;
	165	}
	166
4f5e39ec	167	static uint16_t keyfile_get_short(struct cloc loc, FILE *f)
2fe58dfd SE	168	{
	169	uint16_t r;
	170	r=fgetc(f)<<8;
	171	r\|=fgetc(f);
4f5e39ec	172	cfgfile_postreadcheck(loc,f);
2fe58dfd SE	173	return r;
	174	}
	175
	176	static list_t rsapriv_apply(closure_t self, struct cloc loc, dict_t *context,
	177	list_t *args)
	178	{
	179	struct rsapriv *st;
	180	FILE *f;
	181	string_t filename;
	182	item_t *i;
	183	long length;
	184	uint8_t b, c;
	185	int cipher_type;
	186	MP_INT e,sig,plain,check;
	187
	188	st=safe_malloc(sizeof(*st),"rsapriv_apply");
	189	st->cl.description="rsapriv";
	190	st->cl.type=CL_RSAPRIVKEY;
	191	st->cl.apply=NULL;
	192	st->cl.interface=&st->ops;
	193	st->ops.st=st;
	194	st->ops.sign=rsa_sign;
	195	st->loc=loc;
	196
	197	/* Argument is filename pointing to SSH1 private key file */
	198	i=list_elem(args,0);
	199	if (i) {
	200	if (i->type!=t_string) {
	201	cfgfatal(i->loc,"rsa-public","first argument must be a string");
	202	}
	203	filename=i->data.string;
	204	} else {
	205	filename=""; /* Make compiler happy */
	206	cfgfatal(loc,"rsa-private","you must provide a filename\n");
	207	}
	208
	209	f=fopen(filename,"rb");
	210	if (!f) {
baa06aeb SE	211	if (just_check_config) {
	212	Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
	213	"\"%s\"; assuming it's valid while we check the "
	214	"rest of the configuration\n",loc.file,loc.line,filename);
	215	goto assume_valid;
	216	} else {
	217	fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
	218	loc.file,loc.line,filename);
	219	}
2fe58dfd SE	220	}
	221
	222	/* Check that the ID string is correct */
	223	length=strlen(AUTHFILE_ID_STRING)+1;
	224	b=safe_malloc(length,"rsapriv_apply");
	225	if (fread(b,length,1,f)!=1 \|\| memcmp(b,AUTHFILE_ID_STRING,length)!=0) {
4f5e39ec SE	226	cfgfatal_maybefile(f,loc,"rsa-private","failed to read magic ID"
	227	" string from SSH1 private keyfile \"%s\"\n",
	228	filename);
2fe58dfd SE	229	}
	230	free(b);
	231
	232	cipher_type=fgetc(f);
4f5e39ec	233	keyfile_get_int(loc,f); /* "Reserved data" */
2fe58dfd SE	234	if (cipher_type != 0) {
	235	cfgfatal(loc,"rsa-private","we don't support encrypted keyfiles\n");
	236	}
	237
	238	/* Read the public key */
4f5e39ec SE	239	keyfile_get_int(loc,f); /* Not sure what this is */
4f5e39ec SE	240	length=(keyfile_get_short(loc,f)+7)/8;
2fe58dfd SE	241	if (length>1024) {
	242	cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
	243	length);
	244	}
	245	b=safe_malloc(length,"rsapriv_apply");
	246	if (fread(b,length,1,f) != 1) {
4f5e39ec	247	cfgfatal_maybefile(f,loc,"rsa-private","error reading modulus");
2fe58dfd SE	248	}
	249	mpz_init(&st->n);
	250	read_mpbin(&st->n,b,length);
	251	free(b);
4f5e39ec	252	length=(keyfile_get_short(loc,f)+7)/8;
2fe58dfd SE	253	if (length>1024) {
	254	cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
	255	}
	256	b=safe_malloc(length,"rsapriv_apply");
	257	if (fread(b,length,1,f)!=1) {
4f5e39ec	258	cfgfatal_maybefile(f,loc,"rsa-private","error reading e\n");
2fe58dfd SE	259	}
	260	mpz_init(&e);
	261	read_mpbin(&e,b,length);
	262	free(b);
	263
4f5e39ec	264	length=keyfile_get_int(loc,f);
2fe58dfd SE	265	if (length>1024) {
	266	cfgfatal(loc,"rsa-private","implausibly long (%ld) key comment\n",
	267	length);
	268	}
	269	c=safe_malloc(length+1,"rsapriv_apply");
	270	if (fread(c,length,1,f)!=1) {
4f5e39ec	271	cfgfatal_maybefile(f,loc,"rsa-private","error reading key comment\n");
2fe58dfd SE	272	}
	273	c[length]=0;
	274
	275	/* Check that the next two pairs of characters are identical - the
	276	keyfile is not encrypted, so they should be */
4f5e39ec SE	277
4f5e39ec SE	278	if (keyfile_get_short(loc,f) != keyfile_get_short(loc,f)) {
2fe58dfd SE	279	cfgfatal(loc,"rsa-private","corrupt keyfile\n");
	280	}
	281
	282	/* Read d */
4f5e39ec	283	length=(keyfile_get_short(loc,f)+7)/8;
2fe58dfd SE	284	if (length>1024) {
	285	cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
	286	length);
	287	}
	288	b=safe_malloc(length,"rsapriv_apply");
	289	if (fread(b,length,1,f)!=1) {
4f5e39ec SE	290	cfgfatal_maybefile(f,loc,"rsa-private",
4f5e39ec SE	291	"error reading decryption key\n");
2fe58dfd SE	292	}
	293	mpz_init(&st->d);
	294	read_mpbin(&st->d,b,length);
	295	free(b);
	296
	297	if (fclose(f)!=0) {
	298	fatal_perror("rsa-private (%s:%d): fclose",loc.file,loc.line);
	299	}
	300
	301	/* Now do trial signature/check to make sure it's a real keypair:
	302	sign the comment string! */
70dc107b SE	303	i=list_elem(args,1);
	304	if (i && i->type==t_bool && i->data.bool==False) {
	305	Message(M_INFO,"rsa-private (%s:%d): skipping RSA key validity "
	306	"check\n",loc.file,loc.line);
	307	} else {
	308	mpz_init(&sig);
	309	mpz_init(&plain);
	310	mpz_init(&check);
	311	read_mpbin(&plain,c,strlen(c));
	312	mpz_powm(&sig, &plain, &st->d, &st->n);
	313	mpz_powm(&check, &sig, &e, &st->n);
	314	if (mpz_cmp(&plain,&check)!=0) {
	315	cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
	316	"valid RSA key!\n",filename);
	317	}
	318	mpz_clear(&sig);
	319	mpz_clear(&plain);
	320	mpz_clear(&check);
2fe58dfd	321	}
2fe58dfd SE	322
	323	free(c);
	324	mpz_clear(&e);
	325
baa06aeb	326	assume_valid:
2fe58dfd SE	327	return new_closure(&st->cl);
	328	}
	329
	330	init_module rsa_module;
	331	void rsa_module(dict_t *dict)
	332	{
	333	add_closure(dict,"rsa-private",rsapriv_apply);
	334	add_closure(dict,"rsa-public",rsapub_apply);
	335	}