FreeTDS API
sec_negotiate_gnutls.h
1 /* FreeTDS - Library of routines accessing Sybase and Microsoft databases
2  * Copyright (C) 2015 Frediano Ziglio
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Library General Public
6  * License as published by the Free Software Foundation; either
7  * version 2 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Library General Public License for more details.
13  *
14  * You should have received a copy of the GNU Library General Public
15  * License along with this library; if not, write to the
16  * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
17  * Boston, MA 02111-1307, USA.
18  */
19 
20 #include <gnutls/gnutls.h>
21 #include <gnutls/crypto.h>
22 #ifdef HAVE_GNUTLS_ABSTRACT_H
23 # include <gnutls/abstract.h>
24 #endif
25 
26 #if !defined(HAVE_NETTLE) || !defined(HAVE_GMP) || !defined(HAVE_GNUTLS_RND)
27 # include <gcrypt.h>
28 #endif
29 
30 #ifndef HAVE_NETTLE
31 # include <libtasn1.h>
32 #endif
33 
34 #ifdef HAVE_NETTLE
35 # include <nettle/asn1.h>
36 # include <nettle/rsa.h>
37 # include <nettle/bignum.h>
38 #endif
39 
51 #ifndef HAVE_GNUTLS
52 #error HAVE_GNUTLS not defined, this file should not be included
53 #endif
54 
55 /* emulate GMP if not present */
56 #ifndef HAVE_GMP
57 #define HAVE_GMP 1
58 
59 typedef struct {
60  gcry_mpi_t num;
61 } mpz_t[1];
62 
63 #define mpz_powm(w,n,e,m) \
64  gcry_mpi_powm((w)->num, (n)->num, (e)->num, (m)->num);
65 #define mpz_init(n) do { (n)->num = NULL; } while(0)
66 #define mpz_clear(n) gcry_mpi_release((n)->num)
67 
68 #endif
69 
70 
71 /* emulate Nettle if not present */
72 #ifndef HAVE_NETTLE
73 #define HAVE_NETTLE 1
74 
75 typedef void nettle_random_func(void *ctx, size_t len, uint8_t *out);
76 
77 static inline void
78 nettle_mpz_set_str_256_u(mpz_t x, unsigned length, const uint8_t *s)
79 {
80  gcry_mpi_scan(&x->num, GCRYMPI_FMT_USG, s, length, NULL);
81 }
82 
83 static inline void
84 nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
85 {
86  gcry_mpi_print(GCRYMPI_FMT_USG, s, length, NULL, x->num);
87 }
88 
89 struct asn1_der_iterator {
90  const unsigned char *data, *data_end;
91  unsigned long length;
92  unsigned long type;
93 };
94 
95 enum asn1_iterator_result {
96  ASN1_ITERATOR_ERROR,
97  ASN1_ITERATOR_PRIMITIVE,
98  ASN1_ITERATOR_CONSTRUCTED,
99  ASN1_ITERATOR_END,
100 };
101 
102 enum {
103  ASN1_SEQUENCE = ASN1_TAG_SEQUENCE,
104 };
105 
106 static enum asn1_iterator_result
107 asn1_der_iterator_next(struct asn1_der_iterator *der)
108 {
109  unsigned char cls;
110  unsigned long tag;
111  int len;
112  long l;
113 
114  if (asn1_get_tag_der(der->data, der->data_end - der->data, &cls, &len, &tag) != ASN1_SUCCESS)
115  return ASN1_ITERATOR_ERROR;
116  der->type = tag;
117  der->data += len;
118  l = asn1_get_length_der(der->data, der->data_end - der->data, &len);
119  if (l < 0)
120  return ASN1_ITERATOR_ERROR;
121  der->data += len;
122  der->length = l;
123  if (cls == ASN1_CLASS_STRUCTURED)
124  return ASN1_ITERATOR_CONSTRUCTED;
125  return ASN1_ITERATOR_PRIMITIVE;
126 }
127 
128 static enum asn1_iterator_result
129 asn1_der_iterator_first(struct asn1_der_iterator *der, int size, const void *der_buf)
130 {
131  der->data = (const unsigned char *) der_buf;
132  der->data_end = der->data + size;
133 
134  return asn1_der_iterator_next(der);
135 }
136 
137 struct rsa_public_key {
138  unsigned size;
139  mpz_t n, e;
140 };
141 
142 static void
143 rsa_public_key_init(struct rsa_public_key *key)
144 {
145  key->size = 0;
146  mpz_init(key->n);
147  mpz_init(key->e);
148 }
149 
150 static void
151 rsa_public_key_clear(struct rsa_public_key *key)
152 {
153  mpz_clear(key->n);
154  mpz_clear(key->e);
155 }
156 
157 static int
158 rsa_public_key_from_der_iterator(struct rsa_public_key *key, unsigned key_bits, struct asn1_der_iterator *der)
159 {
160  enum asn1_iterator_result ret;
161 
162  ret = asn1_der_iterator_next(der);
163  if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)
164  return 0;
165  gcry_mpi_scan(&key->n->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);
166  key->size = (gcry_mpi_get_nbits(key->n->num)+7)/8;
167  der->data += der->length;
168 
169  ret = asn1_der_iterator_next(der);
170  if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)
171  return 0;
172  gcry_mpi_scan(&key->e->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);
173 
174  return 1;
175 }
176 
177 static void
178 sha1(uint8_t *hash, const void *data, size_t len)
179 {
180  gcry_md_hash_buffer(GCRY_MD_SHA1, hash, data, len);
181 }
182 #else
183 static void
184 sha1(uint8_t *hash, const void *data, size_t len)
185 {
186  struct sha1_ctx ctx;
187  sha1_init(&ctx);
188  sha1_update(&ctx, len, (const uint8_t *) data);
189  sha1_digest(&ctx, 20, hash);
190 }
191 #endif
192 
193 
194 #define dumpl(b,l) tdsdump_dump_buf(TDS_DBG_INFO1, #b, b, l)
195 #ifndef dumpl
196 #define dumpl(b,l) do {} while(0)
197 #endif
198 #define dump(b) dumpl(b, sizeof(b))
199 
200 /* OAEP configuration parameters */
201 #define hash_func sha1
202 enum { hash_len = 20 }; /* sha1 length */
203 enum { key_size_max = 1024 }; /* max key in bytes */
204 static const char label[] = "";
205 
206 static void
207 memxor(uint8_t *dest, const uint8_t *src, size_t len)
208 {
209  size_t n;
210  for (n = 0; n < len; ++n)
211  dest[n] = dest[n] ^ src[n];
212 }
213 
214 static void
215 mgf_mask(uint8_t *dest, size_t dest_len, const uint8_t *mask, size_t mask_len)
216 {
217  unsigned n = 0;
218  uint8_t hash[hash_len];
219  uint8_t seed[mask_len + 4];
220 
221  memcpy(seed, mask, mask_len);
222  /* we always have some data and check is done internally */
223  for (;;) {
224  TDS_PUT_UA4BE(seed+mask_len, n);
225 
226  hash_func(hash, seed, sizeof(seed));
227  if (dest_len <= hash_len) {
228  memxor(dest, hash, dest_len);
229  break;
230  }
231 
232  memxor(dest, hash, hash_len);
233  dest += hash_len;
234  dest_len -= hash_len;
235  ++n;
236  }
237 }
238 
239 static int
240 oaep_encrypt(size_t key_size, size_t length, const uint8_t *message, mpz_t m)
241 {
242  /* EM: 0x00 ROS (HASH 0x00.. 0x01 message) */
243  struct {
244  uint8_t all[1]; /* zero but used to access all data */
245  uint8_t ros[hash_len];
246  uint8_t db[key_size_max - hash_len - 1];
247  } em;
248  const unsigned db_len = key_size - hash_len - 1;
249 
250  if (length + hash_len * 2 + 2 > key_size)
251  /* Message too long for this key. */
252  return 0;
253 
254  /* create db */
255  memset(&em, 0, sizeof(em));
256  hash_func(em.db, label, strlen(label));
257  em.all[key_size - length - 1] = 0x1;
258  memcpy(em.all+(key_size - length), message, length);
259  dumpl(em.db, db_len);
260 
261  /* create ros */
262  tds_random_buffer(em.ros, hash_len);
263  dump(em.ros);
264 
265  /* mask db */
266  mgf_mask(em.db, db_len, em.ros, hash_len);
267  dumpl(em.db, db_len);
268 
269  /* mask ros */
270  mgf_mask(em.ros, hash_len, em.db, db_len);
271  dump(em.ros);
272 
273  nettle_mpz_set_str_256_u(m, key_size, em.all);
274 
275  return 1;
276 }
277 
278 static int
279 rsa_encrypt_oaep(const struct rsa_public_key *key,
280  size_t length, const uint8_t *message, mpz_t gibberish)
281 {
282  if (!oaep_encrypt(key->size, length, message, gibberish))
283  return 0;
284 
285  mpz_powm(gibberish, gibberish, key->e, key->n);
286  return 1;
287 }
288 
289 static void*
290 tds5_rsa_encrypt(const void *key, size_t key_len, const void *nonce, size_t nonce_len, const char *pwd, size_t *em_size)
291 {
292  int ret;
293  mpz_t p;
294  gnutls_datum_t pubkey_datum = { (unsigned char *) key, key_len };
295  struct asn1_der_iterator der;
296  struct rsa_public_key pubkey;
297  uint8_t *message;
298  size_t message_len, pwd_len;
299  uint8_t *em = NULL;
300  unsigned char der_buf[2048];
301  size_t size = sizeof(der_buf);
302 
303  mpz_init(p);
304  rsa_public_key_init(&pubkey);
305 
306  pwd_len = strlen(pwd);
307  message_len = nonce_len + pwd_len;
308  message = tds_new(uint8_t, message_len);
309  if (!message)
310  return NULL;
311  memcpy(message, nonce, nonce_len);
312  memcpy(message + nonce_len, pwd, pwd_len);
313 
314  /* use nettle directly */
315  /* parse PEM, get DER */
316  ret = gnutls_pem_base64_decode("RSA PUBLIC KEY", &pubkey_datum, der_buf, &size);
317  if (ret) {
318  tdsdump_log(TDS_DBG_ERROR, "Error %d decoding public key: %s\n", ret, gnutls_strerror(ret));
319  goto error;
320  }
321 
322  /* get key with nettle using DER */
323  ret = asn1_der_iterator_first(&der, size, der_buf);
324  if (ret != ASN1_ITERATOR_CONSTRUCTED || der.type != ASN1_SEQUENCE) {
325  tdsdump_log(TDS_DBG_ERROR, "Invalid DER content\n");
326  goto error;
327  }
328 
329  ret = rsa_public_key_from_der_iterator(&pubkey, key_size_max * 8, &der);
330  if (!ret) {
331  tdsdump_log(TDS_DBG_ERROR, "Invalid DER content\n");
332  goto error;
333  }
334 
335  /* get password encrypted */
336  ret = rsa_encrypt_oaep(&pubkey, message_len, message, p);
337  if (!ret) {
338  tdsdump_log(TDS_DBG_ERROR, "Error encrypting message\n");
339  goto error;
340  }
341 
342  em = tds_new(uint8_t, pubkey.size);
343  *em_size = pubkey.size;
344  if (!em)
345  goto error;
346 
347  nettle_mpz_get_str_256(pubkey.size, em, p);
348 
349  tdsdump_dump_buf(TDS_DBG_INFO1, "em", em, pubkey.size);
350 
351 error:
352  free(message);
353  rsa_public_key_clear(&pubkey);
354  mpz_clear(p);
355  return em;
356 }
357 
tdsdump_log
void tdsdump_log(const char *file, unsigned int level_line, const char *fmt,...)
Write a message to the debug log.
Definition: log.c:396
mpz_t
Definition: sec_negotiate_gnutls.h:59
tdsdump_dump_buf
void tdsdump_dump_buf(const char *file, unsigned int level_line, const char *msg, const void *buf, size_t length)
Dump the contents of data into the log file in a human readable format.
Definition: log.c:293
rsa_public_key
Definition: sec_negotiate_gnutls.h:137
asn1_der_iterator
Definition: sec_negotiate_gnutls.h:89
Generated by   doxygen 1.8.13