2 * FreeRDP: A Remote Desktop Protocol Client
3 * Cryptographic Abstraction Layer
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
22 CryptoSha1 crypto_sha1_init(void)
24 CryptoSha1 sha1 = xmalloc(sizeof(*sha1));
25 SHA1_Init(&sha1->sha_ctx);
29 void crypto_sha1_update(CryptoSha1 sha1, const uint8* data, uint32 length)
31 SHA1_Update(&sha1->sha_ctx, data, length);
34 void crypto_sha1_final(CryptoSha1 sha1, uint8* out_data)
36 SHA1_Final(out_data, &sha1->sha_ctx);
40 CryptoMd5 crypto_md5_init(void)
42 CryptoMd5 md5 = xmalloc(sizeof(*md5));
43 MD5_Init(&md5->md5_ctx);
47 void crypto_md5_update(CryptoMd5 md5, const uint8* data, uint32 length)
49 MD5_Update(&md5->md5_ctx, data, length);
52 void crypto_md5_final(CryptoMd5 md5, uint8* out_data)
54 MD5_Final(out_data, &md5->md5_ctx);
58 CryptoRc4 crypto_rc4_init(const uint8* key, uint32 length)
60 CryptoRc4 rc4 = xmalloc(sizeof(*rc4));
61 RC4_set_key(&rc4->rc4_key, length, key);
65 void crypto_rc4(CryptoRc4 rc4, uint32 length, const uint8* in_data, uint8* out_data)
67 RC4(&rc4->rc4_key, length, in_data, out_data);
70 void crypto_rc4_free(CryptoRc4 rc4)
75 CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec)
77 CryptoDes3 des3 = xmalloc(sizeof(*des3));
78 EVP_CIPHER_CTX_init(&des3->des3_ctx);
79 EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
80 EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
84 CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec)
86 CryptoDes3 des3 = xmalloc(sizeof(*des3));
87 EVP_CIPHER_CTX_init(&des3->des3_ctx);
88 EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
89 EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
93 void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
96 EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
99 void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
102 EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
108 void crypto_des3_free(CryptoDes3 des3)
110 EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
114 CryptoHmac crypto_hmac_new(void)
116 CryptoHmac hmac = xmalloc(sizeof(*hmac));
117 HMAC_CTX_init(&hmac->hmac_ctx);
121 void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length)
123 HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
126 void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length)
128 HMAC_Update(&hmac->hmac_ctx, data, length);
131 void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
133 HMAC_Final(&hmac->hmac_ctx, out_data, &length);
136 void crypto_hmac_free(CryptoHmac hmac)
138 HMAC_CTX_cleanup(&hmac->hmac_ctx);
142 CryptoCert crypto_cert_read(uint8* data, uint32 length)
144 CryptoCert cert = xmalloc(sizeof(*cert));
145 /* this will move the data pointer but we don't care, we don't use it again */
146 cert->px509 = d2i_X509(NULL, (D2I_X509_CONST uint8 **) &data, length);
150 void crypto_cert_free(CryptoCert cert)
152 X509_free(cert->px509);
156 boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key)
160 boolean status = true;
161 EVP_PKEY* pkey = NULL;
163 pkey = X509_get_pubkey(cert->px509);
167 printf("crypto_cert_get_public_key: X509_get_pubkey() failed\n");
172 length = i2d_PublicKey(pkey, NULL);
176 printf("crypto_cert_get_public_key: i2d_PublicKey() failed\n");
181 freerdp_blob_alloc(public_key, length);
182 p = (uint8*) public_key->data;
183 i2d_PublicKey(pkey, &p);
193 * Terminal Services Signing Keys.
194 * Yes, Terminal Services Private Key is publicly available.
197 const uint8 tssk_modulus[] =
199 0x3d, 0x3a, 0x5e, 0xbd, 0x72, 0x43, 0x3e, 0xc9,
200 0x4d, 0xbb, 0xc1, 0x1e, 0x4a, 0xba, 0x5f, 0xcb,
201 0x3e, 0x88, 0x20, 0x87, 0xef, 0xf5, 0xc1, 0xe2,
202 0xd7, 0xb7, 0x6b, 0x9a, 0xf2, 0x52, 0x45, 0x95,
203 0xce, 0x63, 0x65, 0x6b, 0x58, 0x3a, 0xfe, 0xef,
204 0x7c, 0xe7, 0xbf, 0xfe, 0x3d, 0xf6, 0x5c, 0x7d,
205 0x6c, 0x5e, 0x06, 0x09, 0x1a, 0xf5, 0x61, 0xbb,
206 0x20, 0x93, 0x09, 0x5f, 0x05, 0x6d, 0xea, 0x87
209 const uint8 tssk_privateExponent[] =
211 0x87, 0xa7, 0x19, 0x32, 0xda, 0x11, 0x87, 0x55,
212 0x58, 0x00, 0x16, 0x16, 0x25, 0x65, 0x68, 0xf8,
213 0x24, 0x3e, 0xe6, 0xfa, 0xe9, 0x67, 0x49, 0x94,
214 0xcf, 0x92, 0xcc, 0x33, 0x99, 0xe8, 0x08, 0x60,
215 0x17, 0x9a, 0x12, 0x9f, 0x24, 0xdd, 0xb1, 0x24,
216 0x99, 0xc7, 0x3a, 0xb8, 0x0a, 0x7b, 0x0d, 0xdd,
217 0x35, 0x07, 0x79, 0x17, 0x0b, 0x51, 0x9b, 0xb3,
218 0xc7, 0x10, 0x01, 0x13, 0xe7, 0x3f, 0xf3, 0x5f
221 const uint8 tssk_exponent[] =
223 0x5b, 0x7b, 0x88, 0xc0
226 static void crypto_rsa_common(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* exponent, int exponent_size, uint8* output)
230 uint8* input_reverse;
231 uint8* modulus_reverse;
232 uint8* exponent_reverse;
233 BIGNUM mod, exp, x, y;
235 input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size);
236 modulus_reverse = input_reverse + key_length;
237 exponent_reverse = modulus_reverse + key_length;
239 memcpy(modulus_reverse, modulus, key_length);
240 crypto_reverse(modulus_reverse, key_length);
241 memcpy(exponent_reverse, exponent, exponent_size);
242 crypto_reverse(exponent_reverse, exponent_size);
243 memcpy(input_reverse, input, length);
244 crypto_reverse(input_reverse, length);
252 BN_bin2bn(modulus_reverse, key_length, &mod);
253 BN_bin2bn(exponent_reverse, exponent_size, &exp);
254 BN_bin2bn(input_reverse, length, &x);
255 BN_mod_exp(&y, &x, &exp, &mod, ctx);
257 output_length = BN_bn2bin(&y, output);
258 crypto_reverse(output, output_length);
260 if (output_length < (int) key_length)
261 memset(output + output_length, 0, key_length - output_length);
268 xfree(input_reverse);
271 static void crypto_rsa_public(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* exponent, uint8* output)
273 crypto_rsa_common(input, length, key_length, modulus, exponent, EXPONENT_MAX_SIZE, output);
276 static void crypto_rsa_private(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* private_exponent, uint8* output)
279 crypto_rsa_common(input, length, key_length, modulus, private_exponent, key_length, output);
282 void crypto_rsa_public_encrypt(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* exponent, uint8* output)
285 crypto_rsa_public(input, length, key_length, modulus, exponent, output);
288 void crypto_rsa_public_decrypt(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* exponent, uint8* output)
291 crypto_rsa_public(input, length, key_length, modulus, exponent, output);
294 void crypto_rsa_private_encrypt(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* private_exponent, uint8* output)
297 crypto_rsa_private(input, length, key_length, modulus, private_exponent, output);
300 void crypto_rsa_private_decrypt(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* private_exponent, uint8* output)
303 crypto_rsa_private(input, length, key_length, modulus, private_exponent, output);
306 void crypto_rsa_decrypt(const uint8* input, int length, uint32 key_length, const uint8* modulus, const uint8* private_exponent, uint8* output)
309 crypto_rsa_common(input, length, key_length, modulus, private_exponent, key_length, output);
312 void crypto_reverse(uint8* data, int length)
317 for (i = 0, j = length - 1; i < j; i++, j--)
325 void crypto_nonce(uint8* nonce, int size)
327 RAND_bytes((void*) nonce, size);
330 char* crypto_cert_fingerprint(X509* xcert)
336 uint8 fp[EVP_MAX_MD_SIZE];
338 X509_digest(xcert, EVP_sha1(), fp, &fp_len);
340 fp_buffer = (char*) xzalloc(3 * fp_len);
343 for (i = 0; i < (int) (fp_len - 1); i++)
345 sprintf(p, "%02x:", fp[i]);
346 p = &fp_buffer[i * 3];
348 sprintf(p, "%02x", fp[i]);
353 char* crypto_print_name(X509_NAME* name)
356 BIO* outBIO = BIO_new(BIO_s_mem());
358 if (X509_NAME_print_ex(outBIO, name, 0, XN_FLAG_ONELINE) > 0)
360 unsigned long size = BIO_number_written(outBIO);
361 buffer = xzalloc(size + 1);
362 memset(buffer, 0, size + 1);
363 BIO_read(outBIO, buffer, size);
371 char* crypto_cert_subject(X509* xcert)
373 return crypto_print_name(X509_get_subject_name(xcert));
376 char* crypto_cert_subject_common_name(X509* xcert, int* length)
380 X509_NAME* subject_name;
381 X509_NAME_ENTRY* entry;
382 ASN1_STRING* entry_data;
384 subject_name = X509_get_subject_name(xcert);
386 if (subject_name == NULL)
389 index = X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
394 entry = X509_NAME_get_entry(subject_name, index);
399 entry_data = X509_NAME_ENTRY_get_data(entry);
401 if (entry_data == NULL)
404 *length = ASN1_STRING_to_UTF8(&common_name, entry_data);
409 return (char*) common_name;
412 char** crypto_cert_subject_alt_name(X509* xcert, int* count, int** lengths)
418 int num_subject_alt_names;
419 GENERAL_NAMES* subject_alt_names;
420 GENERAL_NAME* subject_alt_name;
423 subject_alt_names = X509_get_ext_d2i(xcert, NID_subject_alt_name, 0, 0);
425 if (!subject_alt_names)
428 num_subject_alt_names = sk_GENERAL_NAME_num(subject_alt_names);
429 strings = (char**) malloc(sizeof(char*) * num_subject_alt_names);
430 *lengths = (int*) malloc(sizeof(int*) * num_subject_alt_names);
432 for (index = 0; index < num_subject_alt_names; ++index)
434 subject_alt_name = sk_GENERAL_NAME_value(subject_alt_names, index);
436 if (subject_alt_name->type == GEN_DNS)
438 length = ASN1_STRING_to_UTF8(&string, subject_alt_name->d.dNSName);
439 strings[*count] = (char*) string;
440 *lengths[*count] = length;
451 char* crypto_cert_issuer(X509* xcert)
453 return crypto_print_name(X509_get_issuer_name(xcert));
456 boolean x509_verify_certificate(CryptoCert cert, char* certificate_store_path)
459 boolean status = false;
460 X509_STORE* cert_ctx = NULL;
461 X509_LOOKUP* lookup = NULL;
462 X509* xcert = cert->px509;
464 cert_ctx = X509_STORE_new();
466 if (cert_ctx == NULL)
469 OpenSSL_add_all_algorithms();
470 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
475 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
480 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
482 if (certificate_store_path != NULL)
484 X509_LOOKUP_add_dir(lookup, certificate_store_path, X509_FILETYPE_ASN1);
487 csc = X509_STORE_CTX_new();
492 X509_STORE_set_flags(cert_ctx, 0);
494 if (!X509_STORE_CTX_init(csc, cert_ctx, xcert, 0))
497 if (X509_verify_cert(csc) == 1)
500 X509_STORE_CTX_free(csc);
501 X509_STORE_free(cert_ctx);
507 rdpCertificateData* crypto_get_certificate_data(X509* xcert, char* hostname)
510 rdpCertificateData* certdata;
512 fp = crypto_cert_fingerprint(xcert);
513 certdata = certificate_data_new(hostname, fp);
519 void crypto_cert_print_info(X509* xcert)
525 subject = crypto_cert_subject(xcert);
526 issuer = crypto_cert_issuer(xcert);
527 fp = crypto_cert_fingerprint(xcert);
529 printf("Certificate details:\n");
530 printf("\tSubject: %s\n", subject);
531 printf("\tIssuer: %s\n", issuer);
532 printf("\tThumbprint: %s\n", fp);
533 printf("The above X.509 certificate could not be verified, possibly because you do not have "
534 "the CA certificate in your certificate store, or the certificate has expired. "
535 "Please look at the documentation on how to create local certificate store for a private CA.\n");