freetds/reference/a00311_source.html

/* FreeTDS - Library of routines accessing Sybase and Microsoft databases

 * Copyright (C) 2015  Frediano Ziglio

 *

 * This library is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Library General Public

 * License as published by the Free Software Foundation; either

 * version 2 of the License, or (at your option) any later version.

 *

 * This library is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Library General Public License for more details.

 *

 * You should have received a copy of the GNU Library General Public

 * License along with this library; if not, write to the

 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,

 * Boston, MA 02111-1307, USA.

 */


#include <gnutls/gnutls.h>

#include <gnutls/crypto.h>

#ifdef HAVE_GNUTLS_ABSTRACT_H

#  include <gnutls/abstract.h>

#endif


#if !defined(HAVE_NETTLE) || !defined(HAVE_GMP) || !defined(HAVE_GNUTLS_RND)

#  include <gcrypt.h>

#endif


#ifndef HAVE_NETTLE

#  include <libtasn1.h>

#endif


#ifdef HAVE_NETTLE

#  include <nettle/asn1.h>

#  include <nettle/rsa.h>

#  include <nettle/bignum.h>

#  include <nettle/version.h>

#endif


#ifndef HAVE_GNUTLS

#error HAVE_GNUTLS not defined, this file should not be included

#endif


/* emulate GMP if not present */

#ifndef HAVE_GMP

#define HAVE_GMP 1


typedef struct {

    gcry_mpi_t num;

} mpz_t[1];


#define mpz_powm(w,n,e,m) \

    gcry_mpi_powm((w)->num, (n)->num, (e)->num, (m)->num);

#define mpz_init(n) do { (n)->num = NULL; } while(0)

#define mpz_clear(n) gcry_mpi_release((n)->num)


#endif


/* emulate Nettle if not present */

#ifndef HAVE_NETTLE

#define HAVE_NETTLE 1


typedef void nettle_random_func(void *ctx, size_t len, uint8_t *out);


static inline void

nettle_mpz_set_str_256_u(mpz_t x, unsigned length, const uint8_t *s)

{

    gcry_mpi_scan(&x->num, GCRYMPI_FMT_USG, s, length, NULL);

}


static inline void

nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)

{

    gcry_mpi_print(GCRYMPI_FMT_USG, s, length, NULL, x->num);

}


struct asn1_der_iterator {

    const unsigned char *data, *data_end;

    unsigned long length;

    unsigned long type;

};


enum asn1_iterator_result {

    ASN1_ITERATOR_ERROR,

    ASN1_ITERATOR_PRIMITIVE,

    ASN1_ITERATOR_CONSTRUCTED,

    ASN1_ITERATOR_END,

};


enum {

    ASN1_SEQUENCE = ASN1_TAG_SEQUENCE,

};


static enum asn1_iterator_result

asn1_der_iterator_next(struct asn1_der_iterator *der)

{

    unsigned char cls;

    unsigned long tag;

    int len;

    long l;


    if (asn1_get_tag_der(der->data, der->data_end - der->data, &cls, &len, &tag) != ASN1_SUCCESS)

        return ASN1_ITERATOR_ERROR;

    der->type = tag;

    der->data += len;

    l = asn1_get_length_der(der->data, der->data_end - der->data, &len);

    if (l < 0)

        return ASN1_ITERATOR_ERROR;

    der->data += len;

    der->length = l;

    if (cls == ASN1_CLASS_STRUCTURED)

        return ASN1_ITERATOR_CONSTRUCTED;

    return ASN1_ITERATOR_PRIMITIVE;

}


static enum asn1_iterator_result

asn1_der_iterator_first(struct asn1_der_iterator *der, int size, const void *der_buf)

{

    der->data = (const unsigned char *) der_buf;

    der->data_end = der->data + size;


    return asn1_der_iterator_next(der);

}


struct rsa_public_key {

    unsigned size;

    mpz_t n, e;

};


static void

rsa_public_key_init(struct rsa_public_key *key)

{

    key->size = 0;

    mpz_init(key->n);

    mpz_init(key->e);

}


static void

rsa_public_key_clear(struct rsa_public_key *key)

{

    mpz_clear(key->n);

    mpz_clear(key->e);

}


static int

rsa_public_key_from_der_iterator(struct rsa_public_key *key, unsigned key_bits, struct asn1_der_iterator *der)

{

    enum asn1_iterator_result ret;


    ret = asn1_der_iterator_next(der);

    if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)

        return 0;

    gcry_mpi_scan(&key->n->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);

    key->size = (gcry_mpi_get_nbits(key->n->num)+7)/8;

    der->data += der->length;


    ret = asn1_der_iterator_next(der);

    if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)

        return 0;

    gcry_mpi_scan(&key->e->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);


    return 1;

}


static void

sha1(uint8_t *hash, const void *data, size_t len)

{

    gcry_md_hash_buffer(GCRY_MD_SHA1, hash, data, len);

}

#else

static void

sha1(uint8_t *hash, const void *data, size_t len)

{

    struct sha1_ctx ctx;

    sha1_init(&ctx);

    sha1_update(&ctx, len, (const uint8_t *) data);

#if defined(NETTLE_VERSION_MAJOR) && NETTLE_VERSION_MAJOR >= 4

    sha1_digest(&ctx, hash);

#else

    sha1_digest(&ctx, 20, hash);

#endif

}

#endif


#define dumpl(b,l) tdsdump_dump_buf(TDS_DBG_INFO1, #b, b, l)

#ifndef dumpl

#define dumpl(b,l) do {} while(0)

#endif

#define dump(b) dumpl(b, sizeof(b))


/* OAEP configuration parameters */

#define hash_func sha1

enum { hash_len = 20  };    /* sha1 length */

enum { key_size_max = 1024 };   /* max key in bytes */

static const char label[] = "";


static void

memxor(uint8_t *dest, const uint8_t *src, size_t len)

{

    size_t n;

    for (n = 0; n < len; ++n)

        dest[n] = dest[n] ^ src[n];

}


static void

mgf_mask(uint8_t *dest, size_t dest_len, const uint8_t *mask, size_t mask_len)

{

    unsigned n = 0;

    uint8_t hash[hash_len];

    uint8_t seed[mask_len + 4];


    memcpy(seed, mask, mask_len);

    /* we always have some data and check is done internally */

    for (;;) {

        TDS_PUT_UA4BE(seed+mask_len, n);


        hash_func(hash, seed, sizeof(seed));

        if (dest_len <= hash_len) {

            memxor(dest, hash, dest_len);

            break;

        }


        memxor(dest, hash, hash_len);

        dest += hash_len;

        dest_len -= hash_len;

        ++n;

    }

}


static int

oaep_encrypt(size_t key_size, size_t length, const uint8_t *message, mpz_t m)

{

    /* EM: 0x00 ROS (HASH 0x00.. 0x01 message) */

    struct {

        uint8_t all[1]; /* zero but used to access all data */

        uint8_t ros[hash_len];

        uint8_t db[key_size_max - hash_len - 1];

    } em;

    const unsigned db_len = key_size - hash_len - 1;


    if (length + hash_len * 2 + 2 > key_size)

        /* Message too long for this key. */

        return 0;


    /* create db */

    memset(&em, 0, sizeof(em));

    hash_func(em.db, label, strlen(label));

    em.all[key_size - length - 1] = 0x1;

    memcpy(em.all+(key_size - length), message, length);

    dumpl(em.db, db_len);


    /* create ros */

    tds_random_buffer(em.ros, hash_len);

    dump(em.ros);


    /* mask db */

    mgf_mask(em.db, db_len, em.ros, hash_len);

    dumpl(em.db, db_len);


    /* mask ros */

    mgf_mask(em.ros, hash_len, em.db, db_len);

    dump(em.ros);


    nettle_mpz_set_str_256_u(m, key_size, em.all);


    return 1;

}


static int

rsa_encrypt_oaep(const struct rsa_public_key *key,

        size_t length, const uint8_t *message, mpz_t gibberish)

{

    if (!oaep_encrypt(key->size, length, message, gibberish))

        return 0;


    mpz_powm(gibberish, gibberish, key->e, key->n);

    return 1;

}


static void*

tds5_rsa_encrypt(const void *key, size_t key_len, const void *nonce, size_t nonce_len, const char *pwd, size_t *em_size)

{

    int ret;

    mpz_t p;

    gnutls_datum_t pubkey_datum = { (unsigned char *) key, key_len };

    struct asn1_der_iterator der;

    struct rsa_public_key pubkey;

    uint8_t *message;

    size_t message_len, pwd_len;

    uint8_t *em = NULL;

    unsigned char der_buf[2048];

    size_t size = sizeof(der_buf);


    mpz_init(p);

    rsa_public_key_init(&pubkey);


    pwd_len = strlen(pwd);

    message_len = nonce_len + pwd_len;

    message = tds_new(uint8_t, message_len);

    if (!message)

        return NULL;

    memcpy(message, nonce, nonce_len);

    memcpy(message + nonce_len, pwd, pwd_len);


    /* use nettle directly */

    /* parse PEM, get DER */

    ret = gnutls_pem_base64_decode("RSA PUBLIC KEY", &pubkey_datum, der_buf, &size);

    if (ret) {

        tdsdump_log(TDS_DBG_ERROR, "Error %d decoding public key: %s\n", ret, gnutls_strerror(ret));

        goto error;

    }


    /* get key with nettle using DER */

    ret = asn1_der_iterator_first(&der, size, der_buf);

    if (ret != ASN1_ITERATOR_CONSTRUCTED || der.type != ASN1_SEQUENCE) {

        tdsdump_log(TDS_DBG_ERROR, "Invalid DER content\n");

        goto error;

    }


    ret = rsa_public_key_from_der_iterator(&pubkey, key_size_max * 8, &der);

    if (!ret) {

        tdsdump_log(TDS_DBG_ERROR, "Invalid DER content\n");

        goto error;

    }


    /* get password encrypted */

    ret = rsa_encrypt_oaep(&pubkey, message_len, message, p);

    if (!ret) {

        tdsdump_log(TDS_DBG_ERROR, "Error encrypting message\n");

        goto error;

    }


    em = tds_new(uint8_t, pubkey.size);

    *em_size = pubkey.size;

    if (!em)

        goto error;


    nettle_mpz_get_str_256(pubkey.size, em, p);


    tdsdump_dump_buf(TDS_DBG_INFO1, "em", em, pubkey.size);


error:

    free(message);

    rsa_public_key_clear(&pubkey);

    mpz_clear(p);

    return em;

}


mpz_t
Definition sec_negotiate_gnutls.h:60

asn1_der_iterator
Definition sec_negotiate_gnutls.h:90

rsa_public_key
Definition sec_negotiate_gnutls.h:138