Annotation of embedaddon/libpdel/util/rsa_util.c, revision 1.1.1.1
1.1 misho 1:
2: /*
3: * Copyright (c) 2001-2002 Packet Design, LLC.
4: * All rights reserved.
5: *
6: * Subject to the following obligations and disclaimer of warranty,
7: * use and redistribution of this software, in source or object code
8: * forms, with or without modifications are expressly permitted by
9: * Packet Design; provided, however, that:
10: *
11: * (i) Any and all reproductions of the source or object code
12: * must include the copyright notice above and the following
13: * disclaimer of warranties; and
14: * (ii) No rights are granted, in any manner or form, to use
15: * Packet Design trademarks, including the mark "PACKET DESIGN"
16: * on advertising, endorsements, or otherwise except as such
17: * appears in the above copyright notice or in the software.
18: *
19: * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
20: * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
21: * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
22: * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
23: * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
24: * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
25: * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
26: * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
27: * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
28: * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
29: * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
30: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
31: * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
32: * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
33: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
35: * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
36: * THE POSSIBILITY OF SUCH DAMAGE.
37: *
38: * Author: Archie Cobbs <archie@freebsd.org>
39: */
40:
41: #include <sys/param.h>
42: #include <sys/syslog.h>
43:
44: #include <stdio.h>
45: #include <stdlib.h>
46: #include <stdarg.h>
47: #include <string.h>
48: #include <unistd.h>
49: #include <errno.h>
50:
51: #include <openssl/ssl.h>
52: #include <openssl/err.h>
53: #include <openssl/md5.h>
54:
55: #include "structs/structs.h"
56: #include "structs/type/array.h"
57:
58: #include "util/rsa_util.h"
59: #include "util/typed_mem.h"
60:
61: static int rsa_util_verify_rsa(RSA *rsa, const u_char *md5,
62: const u_char *sig, size_t siglen);
63:
64: /*
65: * Create an RSA signature given an RSA private key filename.
66: *
67: * We assume the thing to be signed is an MD5 hash.
68: *
69: * Returns the signature length, or -1 if error.
70: */
71: int
72: rsa_util_sign(const char *privkeyfile,
73: const u_char *md5, u_char *sig, size_t siglen)
74: {
75: u_char *vbuf = NULL; /* encrypted signature (md5) */
76: FILE *fp = NULL;
77: RSA *rsa = NULL;
78: int rtn = -1;
79: int vlen;
80:
81: /* Open file */
82: if ((fp = fopen(privkeyfile, "r")) == NULL) {
83: fprintf(stderr, "%s: %s\n", privkeyfile, strerror(errno));
84: goto done;
85: }
86:
87: /* Read private key */
88: if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
89: ERR_print_errors_fp(stderr);
90: goto done;
91: }
92:
93: /* Check buffer length */
94: if (siglen < RSA_size(rsa)) {
95: errno = EINVAL;
96: goto done;
97: }
98:
99: /* Encrypt using private key */
100: if ((vlen = RSA_private_encrypt(MD5_DIGEST_LENGTH,
101: (u_char *)md5, sig, rsa, RSA_PKCS1_PADDING)) <= 0) {
102: ERR_print_errors_fp(stderr);
103: goto done;
104: }
105:
106: /* OK */
107: rtn = vlen;
108:
109: done:
110: /* Clean up */
111: FREE(TYPED_MEM_TEMP, vbuf);
112: RSA_free(rsa);
113: if (fp != NULL)
114: fclose(fp);
115:
116: /* Return result */
117: return (rtn);
118: }
119:
120: /*
121: * Verify an RSA signature given a public key filename.
122: *
123: * We assume the signature is a signature of an MD5 hash, and therefore
124: * the input to the signature had length MD5_DIGEST_LENGTH.
125: */
126: int
127: rsa_util_verify(const char *pubkeyfile, const u_char *md5,
128: const u_char *sig, size_t siglen)
129: {
130: EVP_PKEY *pkey = NULL;
131: RSA *rsa = NULL;
132: BIO *bio = NULL;
133: int match = 0;
134:
135: /* Read in public key */
136: if ((bio = BIO_new(BIO_s_file())) == NULL) {
137: ERR_print_errors_fp(stderr);
138: goto done;
139: }
140: if (BIO_read_filename(bio, pubkeyfile) <= 0)
141: goto done;
142: if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL) {
143: ERR_print_errors_fp(stderr);
144: goto done;
145: }
146:
147: /* Get RSA public key */
148: if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) {
149: ERR_print_errors_fp(stderr);
150: goto done;
151: }
152:
153: /* Verify */
154: match = rsa_util_verify_rsa(rsa, md5, sig, siglen);
155:
156: done:
157: /* Clean up */
158: RSA_free(rsa);
159: EVP_PKEY_free(pkey);
160: BIO_free(bio);
161:
162: /* Return result */
163: return (match);
164: }
165:
166: /*
167: * Verify an RSA signature given a private key filename.
168: *
169: * We assume the signature is a signature of an MD5 hash, and therefore
170: * the input to the signature had length MD5_DIGEST_LENGTH.
171: */
172: int
173: rsa_util_verify_priv(const char *privkeyfile, const u_char *md5,
174: const u_char *sig, size_t siglen)
175: {
176: FILE *fp = NULL;
177: RSA *rsa = NULL;
178: int match = 0;
179:
180: /* Open file */
181: if ((fp = fopen(privkeyfile, "r")) == NULL) {
182: fprintf(stderr, "%s: %s\n", privkeyfile, strerror(errno));
183: goto done;
184: }
185:
186: /* Read private key */
187: if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
188: ERR_print_errors_fp(stderr);
189: goto done;
190: }
191: ERR_clear_error();
192:
193: /* Verify */
194: match = rsa_util_verify_rsa(rsa, md5, sig, siglen);
195:
196: done:
197: /* Clean up */
198: RSA_free(rsa);
199: if (fp != NULL)
200: fclose(fp);
201:
202: /* Return result */
203: return (match);
204: }
205:
206: /*
207: * Verify an RSA signature given an RSA public key.
208: *
209: * We assume the signature is a signature of an MD5 hash, and therefore
210: * the input to the signature had length MD5_DIGEST_LENGTH.
211: */
212: static int
213: rsa_util_verify_rsa(RSA *rsa, const u_char *md5,
214: const u_char *sig, size_t siglen)
215: {
216: u_char *vbuf = NULL; /* decrypted signature */
217: int match = 0;
218: int vlen;
219:
220: /* Decrypt using public key */
221: if ((vbuf = MALLOC(TYPED_MEM_TEMP, MAX(siglen, RSA_size(rsa)))) == NULL)
222: goto done;
223: if ((vlen = RSA_public_decrypt(siglen,
224: (u_char *)sig, vbuf, rsa, RSA_PKCS1_PADDING)) <= 0) {
225: ERR_clear_error();
226: goto done;
227: }
228:
229: /* Compare decrypted signature with original hash value */
230: if (vlen == MD5_DIGEST_LENGTH
231: && memcmp(md5, vbuf, MD5_DIGEST_LENGTH) == 0)
232: match = 1;
233:
234: done:
235: /* Clean up */
236: FREE(TYPED_MEM_TEMP, vbuf);
237:
238: /* Return result */
239: return (match);
240: }
241:
242:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rsa_util.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / util