int
auth_rsa_challenge_dialog(Key *key)
{
BIGNUM *challenge, *encrypted_challenge;
u_char response[16];
int i, success;
if ((encrypted_challenge = BN_new()) == NULL)
fatal("auth_rsa_challenge_dialog: BN_new() failed");
challenge = PRIVSEP(auth_rsa_generate_challenge(key));
/* Encrypt the challenge with the public key. */
rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
/* Send the encrypted challenge to the client. */
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
packet_put_bignum(encrypted_challenge);
packet_send();
BN_clear_free(encrypted_challenge);
packet_write_wait();
/* Wait for a response. */
packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
for (i = 0; i < 16; i++)
response[i] = packet_get_char();
packet_check_eom();
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
BN_clear_free(challenge);
return (success);
}
/*****************************************************************************
* 函 数 名 : crypto_rsa_encrypt
*
* 功能描述 : 使用保存在NV中的改制用RSA公钥,对输入的数据加密。
* (读取时需要同样进行签名验证)
*
* 输入参数 : data: 待加密数据。
* len: 待加密数据长度。(byte)
* rsa_key: RSA公钥buffer指针。
* rsa_len: RSA公钥buffer长度。(byte)
* cipher_len: 加密后的数据的存放buffer的buffer size。(byte)(没有检查)
*
* 输出参数 : cipher_data: 加密后的数据的存放buffer。
* cipher_len: 加密后的数据的实际长度。(byte)
*
* 返 回 值 : BSP_OK: 加密成功。
* BSP_ERROR: 加密失败。
*
* 其它说明 : cipher_len为输入/输出参数,传入的cipher_len变量所用内存必须可写回。
* 所以避免直接传入类似sizeof()的函数调用结果。
*
*****************************************************************************/
int crypto_rsa_encrypt_o (char *data, int len, char *rsa_key, int rsa_klen, char *cipher_data, int *cipher_len)
{
//rsa_public_key* p_rsa_key = (rsa_public_key*)rsa_key;/*模A*/
rsa_public_key* p_rsa_key = NULL;
if(data == NULL || rsa_key == NULL || cipher_data == NULL || cipher_len == NULL)
{
security_print("ERROR crypto_rsa_encrypt: param is NULL pointer!\n");
return BSP_ERROR;
}
if(len <=0 || rsa_klen != RSA_KEY_LEN)
{
security_print("ERROR crypto_rsa_encrypt: param is invalid!\n");
return BSP_ERROR;
}
p_rsa_key = (rsa_public_key*)(rsa_key+rsa_klen/2);/*模B*/
if(0 != rsa_public_encrypt((UINT8*)data, len, (UINT8*)cipher_data, (UINT16*)cipher_len, p_rsa_key))
{
security_print("ERROR crypto_rsa_encrypt: rsa_private_encrypt failed!\n");
return BSP_ERROR;
}
return BSP_OK;
}
static int write_device_key(unsigned char *key , int key_len
, unsigned char *c_pub_key, int c_pub_key_len )
{
int ret = 0;
unsigned char *out_data = NULL;
int out_len = 0;
out_len = 4 * c_pub_key_len;
out_data = calloc(out_len , sizeof(char));
if( out_data == NULL) {
printf("malloc encrypt buf failed!\n");
return -1;
}
ret = rsa_public_encrypt(key, key_len , out_data, &out_len
, c_pub_key, c_pub_key_len);
if( ret == -1) {
printf("rsa public encrypt failed!\n");
free(out_data);
return -1;
}
ret = rsa_write_file(C_DEVICE_KEY_FILE, out_data, out_len);
if( ret == -1) {
printf("rsa write device key file %s failed!\n", C_DEVICE_KEY_FILE);
}
free(out_data);
return ret;
}
static int write_client_reg(unsigned char *reg, int reg_len)
{
FILE * fp = NULL;
int ret = 0;
unsigned char *pub_key = NULL;
int pub_len = 0;
unsigned char *out_data = NULL;
int out_len = 0;
// read public key
ret = rsa_read_file(R_S_PUBLIC_KEY_FILE, pub_key, &pub_len);
if( ret == -1)
return -1;
pub_key = calloc(pub_len, sizeof(char));
if (pub_key == NULL) {
printf("malloc failed!\n");
return -1;
}
//ret = rsa_read_file(R_S_PUBLIC_KEY_FILE, pub_key, &pub_len);
ret = rsa_read_file(R_S_PUBLIC_KEY_FILE, pub_key, &pub_len);
if( ret == -1) {
printf("read %s data failed!\n", R_S_PUBLIC_KEY_FILE);
goto free_memory;
}
// use public key encrypt
out_len = 4 * reg_len ; // in = 128 - 11, out = 128
out_data = calloc(out_len , sizeof(char));
if( out_data == NULL) {
printf("malloc encrypt buffer failed!\n");
goto free_memory;
}
ret = rsa_public_encrypt(reg, reg_len, out_data, &out_len
,pub_key, pub_len);
if( ret == -1) {
printf("rsa public encrypt failed!\n");
goto free_memory;
}
// write encrypted data to file
ret = rsa_write_file(R_C_REG_FILE, out_data, out_len);
if( ret == -1){
printf("write %s fialed!\n", R_C_REG_FILE);
goto free_memory;
}
free_memory:
if(pub_key)
free(pub_key);
if(out_data)
free(out_data);
return 0;
}
kal_bool che_sw_rsa(STCHE* che_context, CHE_ACTION act, kal_uint8* data_src, kal_uint8* data_dst, kal_int32 length, kal_bool last_block){
rsa_context rsa;
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = length;
mpi_read( &rsa.N , che_context->modulusN, 16, che_context->modulusNLen );
mpi_read( &rsa.E , che_context->pubExp, 16, che_context->pubExpLen );
mpi_read( &rsa.D , che_context->privExpD, 16, che_context->privExpDLen );
mpi_read( &rsa.P , che_context->primeP, 16, che_context->primePLen );
mpi_read( &rsa.Q , che_context->primeQ, 16,che_context->primeQLen );
mpi_read( &rsa.DP, che_context->dModPm1, 16,che_context->dModPm1Len );
mpi_read( &rsa.DQ, che_context->dModQm1, 16,che_context->dModQm1Len );
mpi_read( &rsa.QP, che_context->qInvModP, 16,che_context->qInvModPLen );
if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ){
ASSERT(0);
}
switch (act){
case RSA_PUBLIC_ENC:
if( rsa_public_encrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PUBLIC_DEC:
if( rsa_public_decrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PRIVATE_ENC:
if( rsa_private_encrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PRIVATE_DEC:
if( rsa_private_decrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
default:
return KAL_FALSE;
}
return KAL_TRUE;
}
int
auth_rsa_challenge_dialog(struct sshkey *key)
{
struct ssh *ssh = active_state;
BIGNUM *challenge, *encrypted_challenge;
u_char response[16];
int r, success;
if ((encrypted_challenge = BN_new()) == NULL)
fatal("auth_rsa_challenge_dialog: BN_new() failed");
challenge = PRIVSEP(auth_rsa_generate_challenge(key));
/* Encrypt the challenge with the public key. */
if ((r = rsa_public_encrypt(encrypted_challenge, challenge,
key->rsa)) != 0)
fatal("%s: rsa_public_encrypt: %s", __func__, ssh_err(r));
/* Send the encrypted challenge to the client. */
if ((r = sshpkt_start(ssh, SSH_SMSG_AUTH_RSA_CHALLENGE)) != 0 ||
(r = sshpkt_put_bignum1(ssh, encrypted_challenge)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
BN_clear_free(encrypted_challenge);
ssh_packet_write_wait(ssh);
/* Wait for a response. */
ssh_packet_read_expect(ssh, SSH_CMSG_AUTH_RSA_RESPONSE);
if ((r = sshpkt_get(ssh, &response, sizeof(response))) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
BN_clear_free(challenge);
return (success);
}
bool send_metakey(connection_t *c) {
if(!myself->connection->rsa) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
return false;
}
if(!read_rsa_public_key(c))
return false;
if(!(c->outcipher = cipher_open_blowfish_ofb()))
return false;
if(!(c->outdigest = digest_open_sha1(-1)))
return false;
const size_t len = rsa_size(c->rsa);
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
/* Create a random key */
randomize(key, len);
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
2^(k-1) <= modulus < 2^(k)
Where ^ means "to the power of", not "xor".
This means that to be sure, we must choose our message < 2^(k-1).
This can be done by setting the most significant bit to zero.
*/
key[0] &= 0x7F;
if(!cipher_set_key_from_rsa(c->outcipher, key, len, true))
return false;
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Generated random meta key (unencrypted): %s", hexkey);
}
/* Encrypt the random data
We do not use one of the PKCS padding schemes here.
This is allowed, because we encrypt a totally random string
with a length equal to that of the modulus of the RSA key.
*/
if(!rsa_public_encrypt(c->rsa, key, len, enckey)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
/* Convert the encrypted random data to a hexadecimal formatted string */
bin2hex(enckey, hexkey, len);
/* Send the meta key */
bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
cipher_get_nid(c->outcipher),
digest_get_nid(c->outdigest), c->outmaclength,
c->outcompression, hexkey);
c->status.encryptout = true;
return result;
}
