src/core/sipe-crypt-openssl.c

   1 /**
   2  * @file sipe-crypt-openssl.c
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2013-2015 SIPE Project <http://sipe.sourceforge.net/>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 /**
  24  * Cipher routines implementation based on OpenSSL.
  25  */
  26 #include <openssl/evp.h>
  27 #include <openssl/rsa.h>
  28
  29 #include "glib.h"
  30
  31 #include "sipe-common.h"
  32 #include "sipe-backend.h"
  33 #include "sipe-crypt.h"
  34
  35 /* OpenSSL specific initialization/shutdown */
  36 void sipe_crypto_init(SIPE_UNUSED_PARAMETER gboolean production_mode)
  37 {
  38         /* nothing to do here */
  39 }
  40
  41 void sipe_crypto_shutdown(void)
  42 {
  43         /* nothing to do here */
  44 }
  45
  46 static void openssl_oneshot_crypt(const EVP_CIPHER *type,
  47                                   const guchar *key, gsize key_length,
  48                                   const guchar *plaintext, gsize plaintext_length,
  49                                   guchar *encrypted_text)
  50 {
  51         EVP_CIPHER_CTX ctx;
  52         int encrypted_length = 0;
  53
  54         /* initialize context */
  55         EVP_CIPHER_CTX_init(&ctx);
  56         EVP_EncryptInit_ex(&ctx, type, NULL, key, NULL);
  57
  58         /* set encryption parameters */
  59         if (key_length)
  60                 EVP_CIPHER_CTX_set_key_length(&ctx, key_length);
  61         EVP_EncryptInit_ex(&ctx, NULL, NULL, key, NULL);
  62
  63         /* encrypt */
  64         EVP_EncryptUpdate(&ctx,
  65                           encrypted_text, &encrypted_length,
  66                           plaintext, plaintext_length);
  67         encrypted_text += encrypted_length;
  68         EVP_EncryptFinal_ex(&ctx, encrypted_text, &encrypted_length);
  69
  70         /* cleanup */
  71         EVP_CIPHER_CTX_cleanup(&ctx);
  72 }
  73
  74 /* DES CBC with 56-bit key */
  75 void sipe_crypt_des(const guchar *key,
  76                     const guchar *plaintext, gsize plaintext_length,
  77                     guchar *encrypted_text)
  78 {
  79         openssl_oneshot_crypt(EVP_des_cbc(),
  80                               key, 0 /* fixed length */,
  81                               plaintext, plaintext_length,
  82                               encrypted_text);
  83 }
  84
  85 /* RC4 with variable length key */
  86 void sipe_crypt_rc4(const guchar *key, gsize key_length,
  87                     const guchar *plaintext, gsize plaintext_length,
  88                     guchar *encrypted_text)
  89 {
  90         openssl_oneshot_crypt(EVP_rc4(),
  91                               key, key_length,
  92                               plaintext, plaintext_length,
  93                               encrypted_text);
  94 }
  95
  96 gboolean sipe_crypt_rsa_encrypt(gpointer public,
  97                                 gsize modulus_length,
  98                                 const guchar *plaintext,
  99                                 guchar *encrypted_text)
 100 {
 101         return(RSA_public_encrypt(modulus_length,
 102                                   plaintext,
 103                                   encrypted_text,
 104                                   public,
 105                                   RSA_NO_PADDING)
 106                != -1);
 107 }
 108
 109 gboolean sipe_crypt_rsa_decrypt(gpointer private,
 110                                 gsize modulus_length,
 111                                 const guchar *encrypted_text,
 112                                 guchar *plaintext)
 113 {
 114         return(RSA_private_decrypt(modulus_length,
 115                                    encrypted_text,
 116                                    plaintext,
 117                                    private,
 118                                    RSA_NO_PADDING)
 119                != -1);
 120 }
 121
 122 guchar *sipe_crypt_rsa_sign(gpointer private,
 123                             const guchar *digest, gsize digest_length,
 124                             gsize *signature_length)
 125 {
 126         guchar *signature = g_malloc(RSA_size(private));
 127         unsigned int length;
 128
 129         if (!RSA_sign(NID_md5_sha1,
 130                       digest, digest_length,
 131                       signature, &length,
 132                       private)) {
 133                 g_free(signature);
 134                 return(NULL);
 135         }
 136
 137         *signature_length = length;
 138         return(signature);
 139 }
 140
 141 gboolean sipe_crypt_verify_rsa(gpointer public,
 142                                const guchar *digest, gsize digest_length,
 143                                const guchar *signature, gsize signature_length)
 144 {
 145         return(RSA_verify(NID_md5_sha1,
 146                           digest, digest_length,
 147                           /* older OpenSSL version don't have "const" here */
 148                           (guchar *) signature, signature_length,
 149                           public));
 150 }
 151
 152 static gpointer openssl_EVP_init(const EVP_CIPHER *(*evp)(),
 153                                  const guchar *key,
 154                                  gsize key_length)
 155 {
 156         EVP_CIPHER_CTX *ctx = g_malloc(sizeof(EVP_CIPHER_CTX));
 157
 158         /* initialize context */
 159         EVP_CIPHER_CTX_init(ctx);
 160         EVP_EncryptInit_ex(ctx, (*evp)(), NULL, key, NULL);
 161
 162         /* set encryption parameters */
 163         EVP_CIPHER_CTX_set_key_length(ctx, key_length);
 164         EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
 165
 166         return(ctx);
 167 }
 168
 169 /* Stream RC4 cipher for file transfer with fixed-length 128-bit key */
 170 gpointer sipe_crypt_ft_start(const guchar *key)
 171 {
 172         return(openssl_EVP_init(EVP_rc4, key, 16));
 173 }
 174
 175 void sipe_crypt_ft_stream(gpointer context,
 176                           const guchar *in, gsize length,
 177                           guchar *out)
 178 {
 179         int tmp;
 180         EVP_EncryptUpdate(context, out, &tmp, in, length);
 181 }
 182
 183 void sipe_crypt_ft_destroy(gpointer context)
 184 {
 185         EVP_CIPHER_CTX_cleanup(context);
 186         g_free(context);
 187 }
 188
 189 /* Stream cipher for TLS with variable key length */
 190 gpointer sipe_crypt_tls_start(guint type, const guchar *key, gsize key_length)
 191 {
 192         gpointer result = NULL;
 193
 194         switch (type) {
 195         case SIPE_CRYPT_STREAM_RC4:
 196                 result = openssl_EVP_init(EVP_rc4, key, key_length);
 197                 break;
 198
 199         case SIPE_CRYPT_STREAM_AES_CBC:
 200                 switch (key_length) {
 201                 case 16:
 202                         result = openssl_EVP_init(EVP_aes_128_cbc, key, key_length);
 203                         break;
 204                 case 24:
 205                         result = openssl_EVP_init(EVP_aes_192_cbc, key, key_length);
 206                         break;
 207                 case 32:
 208                         result = openssl_EVP_init(EVP_aes_256_cbc, key, key_length);
 209                         break;
 210                 default:
 211                         SIPE_DEBUG_ERROR("sipe_crypt_tls_start: unsupported key length %" G_GSIZE_FORMAT " bytes for AES CBC",
 212                                          key_length);
 213                         break;
 214                 }
 215                 break;
 216
 217         default:
 218                 SIPE_DEBUG_ERROR("sipe_crypt_tls_start: unknown cipher type '%d'",
 219                                  type);
 220                 break;
 221         }
 222
 223         return(result);
 224 }
 225
 226 void sipe_crypt_tls_stream(gpointer context,
 227                            const guchar *in, gsize length,
 228                            guchar *out)
 229 {
 230         int tmp;
 231         EVP_EncryptUpdate(context, out, &tmp, in, length);
 232 }
 233
 234 void sipe_crypt_tls_destroy(gpointer context)
 235 {
 236         EVP_CIPHER_CTX_cleanup(context);
 237         g_free(context);
 238 }
 239
 240 /*
 241   Local Variables:
 242   mode: c
 243   c-file-style: "bsd"
 244   indent-tabs-mode: t
 245   tab-width: 8
 246   End:
 247 */