VirtualBox

source: vbox/trunk/src/VBox/RDP/client/ssl.c@ 14664

最後變更 在這個檔案從14664是 11982,由 vboxsync 提交於 16 年 前

All: license header changes for 2.0 (OSE headers, add Sun GPL/LGPL disclaimer)

  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 5.5 KB
 
1/* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 Secure sockets abstraction layer
4 Copyright (C) Matthew Chapman 1999-2007
5 Copyright (C) Jay Sorg 2006-2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20*/
21
22/*
23 * Sun GPL Disclaimer: For the avoidance of doubt, except that if any license choice
24 * other than GPL or LGPL is available it will apply instead, Sun elects to use only
25 * the General Public License version 2 (GPLv2) at this time for any software where
26 * a choice of GPL license versions is made available with the language indicating
27 * that GPLv2 or any later version may be used, or where a choice of which version
28 * of the GPL is applied is otherwise unspecified.
29 */
30
31#include "rdesktop.h"
32#include "ssl.h"
33
34void
35ssl_sha1_init(SSL_SHA1 * sha1)
36{
37 SHA1_Init(sha1);
38}
39
40void
41ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
42{
43 SHA1_Update(sha1, data, len);
44}
45
46void
47ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
48{
49 SHA1_Final(out_data, sha1);
50}
51
52void
53ssl_md5_init(SSL_MD5 * md5)
54{
55 MD5_Init(md5);
56}
57
58void
59ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
60{
61 MD5_Update(md5, data, len);
62}
63
64void
65ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
66{
67 MD5_Final(out_data, md5);
68}
69
70void
71ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
72{
73 RC4_set_key(rc4, len, key);
74}
75
76void
77ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
78{
79 RC4(rc4, len, in_data, out_data);
80}
81
82static void
83reverse(uint8 * p, int len)
84{
85 int i, j;
86 uint8 temp;
87
88 for (i = 0, j = len - 1; i < j; i++, j--)
89 {
90 temp = p[i];
91 p[i] = p[j];
92 p[j] = temp;
93 }
94}
95
96void
97ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
98 uint8 * exponent)
99{
100 BN_CTX *ctx;
101 BIGNUM mod, exp, x, y;
102 uint8 inr[SEC_MAX_MODULUS_SIZE];
103 int outlen;
104
105 reverse(modulus, modulus_size);
106 reverse(exponent, SEC_EXPONENT_SIZE);
107 memcpy(inr, in, len);
108 reverse(inr, len);
109
110 ctx = BN_CTX_new();
111 BN_init(&mod);
112 BN_init(&exp);
113 BN_init(&x);
114 BN_init(&y);
115
116 BN_bin2bn(modulus, modulus_size, &mod);
117 BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
118 BN_bin2bn(inr, len, &x);
119 BN_mod_exp(&y, &x, &exp, &mod, ctx);
120 outlen = BN_bn2bin(&y, out);
121 reverse(out, outlen);
122 if (outlen < (int) modulus_size)
123 memset(out + outlen, 0, modulus_size - outlen);
124
125 BN_free(&y);
126 BN_clear_free(&x);
127 BN_free(&exp);
128 BN_free(&mod);
129 BN_CTX_free(ctx);
130}
131
132/* returns newly allocated SSL_CERT or NULL */
133SSL_CERT *
134ssl_cert_read(uint8 * data, uint32 len)
135{
136 /* this will move the data pointer but we don't care, we don't use it again */
137 return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
138}
139
140void
141ssl_cert_free(SSL_CERT * cert)
142{
143 X509_free(cert);
144}
145
146/* returns newly allocated SSL_RKEY or NULL */
147SSL_RKEY *
148ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
149{
150 EVP_PKEY *epk = NULL;
151 SSL_RKEY *lkey;
152 int nid;
153
154 /* By some reason, Microsoft sets the OID of the Public RSA key to
155 the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
156
157 Kudos to Richard Levitte for the following (. intiutive .)
158 lines of code that resets the OID and let's us extract the key. */
159 nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
160 if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
161 {
162 DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
163 ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
164 cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
165 }
166 epk = X509_get_pubkey(cert);
167 if (NULL == epk)
168 {
169 error("Failed to extract public key from certificate\n");
170 return NULL;
171 }
172
173 lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);
174 EVP_PKEY_free(epk);
175 *key_len = RSA_size(lkey);
176 return lkey;
177}
178
179/* returns boolean */
180RD_BOOL
181ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
182{
183 /* Currently, we don't use the CA Certificate.
184 FIXME:
185 *) Verify the server certificate (server_cert) with the
186 CA certificate.
187 *) Store the CA Certificate with the hostname of the
188 server we are connecting to as key, and compare it
189 when we connect the next time, in order to prevent
190 MITM-attacks.
191 */
192 return True;
193}
194
195int
196ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
197{
198 return X509_print_fp(fp, cert);
199}
200
201void
202ssl_rkey_free(SSL_RKEY * rkey)
203{
204 RSA_free(rkey);
205}
206
207/* returns error */
208int
209ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
210 uint32 max_mod_len)
211{
212 int len;
213
214 if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
215 (BN_num_bytes(rkey->n) > (int) max_mod_len))
216 {
217 return 1;
218 }
219 len = BN_bn2bin(rkey->e, exponent);
220 reverse(exponent, len);
221 len = BN_bn2bin(rkey->n, modulus);
222 reverse(modulus, len);
223 return 0;
224}
225
226/* returns boolean */
227RD_BOOL
228ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
229 uint8 * signature, uint32 sig_len)
230{
231 /* Currently, we don't check the signature
232 FIXME:
233 */
234 return True;
235}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette