src/core/sipe-crypt-openssl.c

   1 /**
   2  * @file sipe-crypt-openssl.c
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2013 SIPE Project <http://sipe.sourceforge.net/>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 /**
  24  * Cipher routines implementation based on OpenSSL.
  25  */
  26 #include <openssl/evp.h>
  27 #include <openssl/rsa.h>
  28
  29 #include "glib.h"
  30
  31 #include "sipe-common.h"
  32 #include "sipe-backend.h"
  33 #include "sipe-crypt.h"
  34
  35 /* OpenSSL specific initialization/shutdown */
  36 void sipe_crypto_init(SIPE_UNUSED_PARAMETER gboolean production_mode)
  37 {
  38         /* nothing to do here */
  39 }
  40
  41 void sipe_crypto_shutdown(void)
  42 {
  43         /* nothing to do here */
  44 }
  45
  46 static void openssl_oneshot_crypt(const EVP_CIPHER *type,
  47                                   const guchar *key, gsize key_length,
  48                                   const guchar *plaintext, gsize plaintext_length,
  49                                   guchar *encrypted_text)
  50 {
  51         EVP_CIPHER_CTX ctx;
  52         int encrypted_length = 0;
  53
  54         /* initialize context */
  55         EVP_CIPHER_CTX_init(&ctx);
  56         EVP_EncryptInit_ex(&ctx, type, NULL, key, NULL);
  57
  58         /* set encryption parameters */
  59         if (key_length)
  60                 EVP_CIPHER_CTX_set_key_length(&ctx, key_length);
  61         EVP_EncryptInit_ex(&ctx, NULL, NULL, key, NULL);
  62
  63         /* encrypt */
  64         EVP_EncryptUpdate(&ctx,
  65                           encrypted_text, &encrypted_length,
  66                           plaintext, plaintext_length);
  67         encrypted_text += encrypted_length;
  68         EVP_EncryptFinal_ex(&ctx, encrypted_text, &encrypted_length);
  69
  70         /* cleanup */
  71         EVP_CIPHER_CTX_cleanup(&ctx);
  72 }
  73
  74 /* DES CBC with 56-bit key */
  75 void sipe_crypt_des(const guchar *key,
  76                     const guchar *plaintext, gsize plaintext_length,
  77                     guchar *encrypted_text)
  78 {
  79         openssl_oneshot_crypt(EVP_des_cbc(),
  80                               key, 0 /* fixed length */,
  81                               plaintext, plaintext_length,
  82                               encrypted_text);
  83 }
  84
  85 /* RC4 with variable length key */
  86 void sipe_crypt_rc4(const guchar *key, gsize key_length,
  87                     const guchar *plaintext, gsize plaintext_length,
  88                     guchar *encrypted_text)
  89 {
  90         openssl_oneshot_crypt(EVP_rc4(),
  91                               key, key_length,
  92                               plaintext, plaintext_length,
  93                               encrypted_text);
  94 }
  95
  96 gboolean sipe_crypt_rsa_encrypt(gpointer public,
  97                                 gsize modulus_length,
  98                                 const guchar *plaintext,
  99                                 guchar *encrypted_text)
 100 {
 101         return(RSA_public_encrypt(modulus_length,
 102                                   plaintext,
 103                                   encrypted_text,
 104                                   public,
 105                                   RSA_NO_PADDING)
 106                != -1);
 107 }
 108
 109 gboolean sipe_crypt_rsa_decrypt(gpointer private,
 110                                 gsize modulus_length,
 111                                 const guchar *encrypted_text,
 112                                 guchar *plaintext)
 113 {
 114         return(RSA_private_decrypt(modulus_length,
 115                                    encrypted_text,
 116                                    plaintext,
 117                                    private,
 118                                    RSA_NO_PADDING)
 119                != -1);
 120 }
 121
 122 guchar *sipe_crypt_rsa_sign(gpointer private,
 123                             const guchar *digest, gsize digest_length,
 124                             gsize *signature_length)
 125 {
 126         guchar *signature = g_malloc(RSA_size(private));
 127         unsigned int length;
 128
 129         if (!RSA_sign(NID_md5_sha1,
 130                       digest, digest_length,
 131                       signature, &length,
 132                       private)) {
 133                 g_free(signature);
 134                 return(NULL);
 135         }
 136
 137         *signature_length = length;
 138         return(signature);
 139 }
 140
 141 gboolean sipe_crypt_verify_rsa(gpointer public,
 142                                const guchar *digest, gsize digest_length,
 143                                const guchar *signature, gsize signature_length)
 144 {
 145         return(RSA_verify(NID_md5_sha1,
 146                           digest, digest_length,
 147                           /* older OpenSSL version don't have "const" here */
 148                           (guchar *) signature, signature_length,
 149                           public));
 150 }
 151
 152 static gpointer openssl_rc4_init(const guchar *key, gsize key_length)
 153 {
 154         EVP_CIPHER_CTX *ctx = g_malloc(sizeof(EVP_CIPHER_CTX));
 155
 156         /* initialize context */
 157         EVP_CIPHER_CTX_init(ctx);
 158         EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, key, NULL);
 159
 160         /* set encryption parameters */
 161         EVP_CIPHER_CTX_set_key_length(ctx, key_length);
 162         EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
 163
 164         return(ctx);
 165 }
 166
 167 /* Stream RC4 cipher for file transfer with fixed-length 128-bit key */
 168 gpointer sipe_crypt_ft_start(const guchar *key)
 169 {
 170         return(openssl_rc4_init(key, 16));
 171 }
 172
 173 void sipe_crypt_ft_stream(gpointer context,
 174                           const guchar *in, gsize length,
 175                           guchar *out)
 176 {
 177         int tmp;
 178         EVP_EncryptUpdate(context, out, &tmp, in, length);
 179 }
 180
 181 void sipe_crypt_ft_destroy(gpointer context)
 182 {
 183         EVP_CIPHER_CTX_cleanup(context);
 184         g_free(context);
 185 }
 186
 187 /* Stream RC4 cipher for TLS with variable key length */
 188 gpointer sipe_crypt_tls_start(const guchar *key, gsize key_length)
 189 {
 190         return(openssl_rc4_init(key, key_length));
 191 }
 192
 193 void sipe_crypt_tls_stream(gpointer context,
 194                            const guchar *in, gsize length,
 195                            guchar *out)
 196 {
 197         int tmp;
 198         EVP_EncryptUpdate(context, out, &tmp, in, length);
 199 }
 200
 201 void sipe_crypt_tls_destroy(gpointer context)
 202 {
 203         EVP_CIPHER_CTX_cleanup(context);
 204         g_free(context);
 205 }
 206
 207 /*
 208   Local Variables:
 209   mode: c
 210   c-file-style: "bsd"
 211   indent-tabs-mode: t
 212   tab-width: 8
 213   End:
 214 */