char *
irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
const char *data_base64,
const char *sasl_username,
const char *sasl_key)
{
#if defined(HAVE_GNUTLS) && (LIBGNUTLS_VERSION_NUMBER >= 0x030015) /* 3.0.21 */
char *data, *string, *answer_base64;
int length_data, length_username, length, ret;
char *str_privkey;
gnutls_x509_privkey_t x509_privkey;
gnutls_privkey_t privkey;
gnutls_datum_t filedatum, decoded_data, signature;
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
gnutls_ecc_curve_t curve;
gnutls_datum_t x, y, k;
char *pubkey, *pubkey_base64;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
answer_base64 = NULL;
string = NULL;
length = 0;
if (strcmp (data_base64, "+") == 0)
{
/* send "username" + '\0' + "username" */
answer_base64 = NULL;
length_username = strlen (sasl_username);
length = length_username + 1 + length_username;
string = malloc (length + 1);
if (string)
{
snprintf (string, length + 1, "%s|%s", sasl_username, sasl_username);
string[length_username] = '\0';
}
}
else
{
/* sign the challenge with the private key and return the result */
/* decode the challenge */
data = malloc (strlen (data_base64) + 1);
if (!data)
return NULL;
length_data = weechat_string_decode_base64 (data_base64, data);
/* read file with private key */
str_privkey = irc_sasl_get_key_content (server, sasl_key);
if (!str_privkey)
{
free (data);
return NULL;
}
/* import key */
gnutls_x509_privkey_init (&x509_privkey);
gnutls_privkey_init (&privkey);
filedatum.data = (unsigned char *)str_privkey;
filedatum.size = strlen (str_privkey);
ret = gnutls_x509_privkey_import (x509_privkey, &filedatum,
GNUTLS_X509_FMT_PEM);
free (str_privkey);
if (ret != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
_("%sgnutls: invalid private key file: error %d %s"),
weechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
/* read raw values in key, to display public key */
ret = gnutls_x509_privkey_export_ecc_raw (x509_privkey,
&curve, &x, &y, &k);
if (ret == GNUTLS_E_SUCCESS)
{
pubkey = malloc (x.size + 1);
if (pubkey)
{
pubkey[0] = (y.data[y.size - 1] & 1) ? 0x03 : 0x02;
memcpy (pubkey + 1, x.data, x.size);
pubkey_base64 = malloc ((x.size + 1 + 1) * 4);
if (pubkey_base64)
{
weechat_string_encode_base64 (pubkey, x.size + 1,
pubkey_base64);
weechat_printf (
server->buffer,
_("%s%s: signing the challenge with ECC public key: "
"%s"),
weechat_prefix ("network"),
IRC_PLUGIN_NAME,
pubkey_base64);
free (pubkey_base64);
}
free (pubkey);
}
gnutls_free (x.data);
gnutls_free (y.data);
gnutls_free (k.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
/* import private key in an abstract key structure */
ret = gnutls_privkey_import_x509 (privkey, x509_privkey, 0); /* gnutls >= 2.11.0 */
if (ret != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
_("%sgnutls: unable to import the private key: error %d %s"),
weechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
decoded_data.data = (unsigned char *)data;
decoded_data.size = length_data;
ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA256, 0, /* gnutls >= 2.11.0 */
&decoded_data, &signature);
if (ret != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
_("%sgnutls: unable to sign the hashed data: error %d %s"),
weechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
string = malloc (signature.size);
if (string)
memcpy (string, signature.data, signature.size);
length = signature.size;
gnutls_free (signature.data);
free (data);
}
if (string && (length > 0))
{
answer_base64 = malloc ((length + 1) * 4);
if (answer_base64)
weechat_string_encode_base64 (string, length, answer_base64);
free (string);
}
return answer_base64;
#else /* no gnutls or gnutls < 3.0.21 */
/* make C compiler happy */
(void) data_base64;
(void) sasl_username;
(void) sasl_key;
weechat_printf (server->buffer,
_("%sgnutls: version >= 3.0.21 is required for SASL "
"\"ecdsa-nist256p-challenge\""),
weechat_prefix ("error"));
return NULL;
#endif /* defined(HAVE_GNUTLS) && (LIBGNUTLS_VERSION_NUMBER >= 0x030015) */
}
int
irc_sasl_dh (const char *data_base64,
unsigned char **public_bin, unsigned char **secret_bin,
int *length_key)
{
char *data;
unsigned char *ptr_data;
int length_data, size, num_bits_prime_number, rc;
size_t num_written;
gcry_mpi_t data_prime_number, data_generator_number, data_server_pub_key;
gcry_mpi_t pub_key, priv_key, secret_mpi;
rc = 0;
data = NULL;
data_prime_number = NULL;
data_generator_number = NULL;
data_server_pub_key = NULL;
pub_key = NULL;
priv_key = NULL;
secret_mpi = NULL;
/* decode data */
data = malloc (strlen (data_base64) + 1);
length_data = weechat_string_decode_base64 (data_base64, data);
ptr_data = (unsigned char *)data;
/* extract prime number */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto dhend;
data_prime_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number);
ptr_data += size;
length_data -= size;
/* extract generator number */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto dhend;
data_generator_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_generator_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
ptr_data += size;
length_data -= size;
/* extract server-generated public key */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto dhend;
data_server_pub_key = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_server_pub_key, GCRYMPI_FMT_USG, ptr_data, size, NULL);
/* generate keys */
pub_key = gcry_mpi_new (num_bits_prime_number);
priv_key = gcry_mpi_new (num_bits_prime_number);
gcry_mpi_randomize (priv_key, num_bits_prime_number, GCRY_STRONG_RANDOM);
/* pub_key = (g ^ priv_key) % p */
gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number);
/* compute secret_bin */
*length_key = num_bits_prime_number / 8;
*secret_bin = malloc (*length_key);
secret_mpi = gcry_mpi_new (num_bits_prime_number);
/* secret_mpi = (y ^ priv_key) % p */
gcry_mpi_powm (secret_mpi, data_server_pub_key, priv_key, data_prime_number);
gcry_mpi_print (GCRYMPI_FMT_USG, *secret_bin, *length_key,
&num_written, secret_mpi);
/* create public_bin */
*public_bin = malloc (*length_key);
gcry_mpi_print (GCRYMPI_FMT_USG, *public_bin, *length_key,
&num_written, pub_key);
rc = 1;
dhend:
if (data)
free (data);
if (data_prime_number)
gcry_mpi_release (data_prime_number);
if (data_generator_number)
gcry_mpi_release (data_generator_number);
if (data_server_pub_key)
gcry_mpi_release (data_server_pub_key);
if (pub_key)
gcry_mpi_release (pub_key);
if (priv_key)
gcry_mpi_release (priv_key);
if (secret_mpi)
gcry_mpi_release (secret_mpi);
return rc;
}
char *
irc_sasl_mechanism_dh_blowfish (const char *data_base64,
const char *sasl_username,
const char *sasl_password)
{
char *data, *answer, *ptr_answer, *answer_base64;
unsigned char *ptr_data, *secret_bin, *public_bin;
unsigned char *password_clear, *password_crypted;
int length_data, size, num_bits_prime_number, length_key;
int length_username, length_password, length_answer;
size_t num_written;
gcry_mpi_t data_prime_number, data_generator_number, data_server_pub_key;
gcry_mpi_t pub_key, priv_key, secret_mpi;
gcry_cipher_hd_t gcrypt_handle;
data = NULL;
secret_bin = NULL;
public_bin = NULL;
password_clear = NULL;
password_crypted = NULL;
answer = NULL;
answer_base64 = NULL;
data_prime_number = NULL;
data_generator_number = NULL;
data_server_pub_key = NULL;
pub_key = NULL;
priv_key = NULL;
secret_mpi = NULL;
/* decode data */
data = malloc (strlen (data_base64) + 1);
length_data = weechat_string_decode_base64 (data_base64, data);
ptr_data = (unsigned char *)data;
/* extract prime number */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto end;
data_prime_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number);
ptr_data += size;
length_data -= size;
/* extract generator number */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto end;
data_generator_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_generator_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
ptr_data += size;
length_data -= size;
/* extract server-generated public key */
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
ptr_data += 2;
length_data -= 2;
if (size > length_data)
goto end;
data_server_pub_key = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_server_pub_key, GCRYMPI_FMT_USG, ptr_data, size, NULL);
/* generate keys */
pub_key = gcry_mpi_new (num_bits_prime_number);
priv_key = gcry_mpi_new (num_bits_prime_number);
gcry_mpi_randomize (priv_key, num_bits_prime_number, GCRY_STRONG_RANDOM);
/* pub_key = (g ^ priv_key) % p */
gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number);
/* compute secret_bin */
length_key = num_bits_prime_number / 8;
secret_bin = malloc (length_key);
secret_mpi = gcry_mpi_new (num_bits_prime_number);
/* secret_mpi = (y ^ priv_key) % p */
gcry_mpi_powm (secret_mpi, data_server_pub_key, priv_key, data_prime_number);
gcry_mpi_print (GCRYMPI_FMT_USG, secret_bin, length_key,
&num_written, secret_mpi);
/* create public_bin */
public_bin = malloc (length_key);
gcry_mpi_print (GCRYMPI_FMT_USG, public_bin, length_key,
&num_written, pub_key);
/* create password buffers (clear and crypted) */
length_password = strlen (sasl_password) +
((8 - (strlen (sasl_password) % 8)) % 8);
password_clear = malloc (length_password);
password_crypted = malloc (length_password);
memset (password_clear, 0, length_password);
memset (password_crypted, 0, length_password);
memcpy (password_clear, sasl_password, strlen (sasl_password));
/* crypt password using blowfish */
if (gcry_cipher_open (&gcrypt_handle, GCRY_CIPHER_BLOWFISH,
GCRY_CIPHER_MODE_ECB, 0) != 0)
goto end;
if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0)
goto end;
if (gcry_cipher_encrypt (gcrypt_handle,
password_crypted, length_password,
password_clear, length_password) != 0)
goto end;
/*
* build answer for server, it is concatenation of:
* 1. key length (2 bytes)
* 2. public key ('length_key' bytes)
* 3. sasl_username ('length_username'+1 bytes)
* 4. encrypted password ('length_password' bytes)
*/
length_username = strlen (sasl_username);
length_answer = 2 + length_key + length_username + 1 + length_password;
answer = malloc (length_answer);
ptr_answer = answer;
*((unsigned int *)ptr_answer) = htons(length_key);
ptr_answer += 2;
memcpy (ptr_answer, public_bin, length_key);
ptr_answer += length_key;
memcpy (ptr_answer, sasl_username, length_username + 1);
ptr_answer += length_username + 1;
memcpy (ptr_answer, password_crypted, length_password);
/* encode answer to base64 */
answer_base64 = malloc (length_answer * 4);
if (answer_base64)
weechat_string_encode_base64 (answer, length_answer, answer_base64);
end:
if (data)
free (data);
if (secret_bin)
free (secret_bin);
if (public_bin)
free (public_bin);
if (password_clear)
free (password_clear);
if (password_crypted)
free (password_crypted);
if (answer)
free (answer);
if (data_prime_number)
gcry_mpi_release (data_prime_number);
if (data_generator_number)
gcry_mpi_release (data_generator_number);
if (data_server_pub_key)
gcry_mpi_release (data_server_pub_key);
if (pub_key)
gcry_mpi_release (pub_key);
if (priv_key)
gcry_mpi_release (priv_key);
if (secret_mpi)
gcry_mpi_release (secret_mpi);
return answer_base64;
}
