20#include <gnutls/gnutls.h>
21#include <gnutls/crypto.h>
22#ifdef HAVE_GNUTLS_ABSTRACT_H
23# include <gnutls/abstract.h>
26#if !defined(HAVE_NETTLE) || !defined(HAVE_GMP) || !defined(HAVE_GNUTLS_RND)
35# include <nettle/asn1.h>
36# include <nettle/rsa.h>
37# include <nettle/bignum.h>
52#error HAVE_GNUTLS not defined, this file should not be included
63#define mpz_powm(w,n,e,m) \
64 gcry_mpi_powm((w)->num, (n)->num, (e)->num, (m)->num);
65#define mpz_init(n) do { (n)->num = NULL; } while(0)
66#define mpz_clear(n) gcry_mpi_release((n)->num)
75typedef void nettle_random_func(
void *ctx,
size_t len, uint8_t *out);
78nettle_mpz_set_str_256_u(
mpz_t x,
unsigned length,
const uint8_t *s)
80 gcry_mpi_scan(&x->num, GCRYMPI_FMT_USG, s, length, NULL);
84nettle_mpz_get_str_256(
unsigned length, uint8_t *s,
const mpz_t x)
86 gcry_mpi_print(GCRYMPI_FMT_USG, s, length, NULL, x->num);
90 const unsigned char *data, *data_end;
95enum asn1_iterator_result {
97 ASN1_ITERATOR_PRIMITIVE,
98 ASN1_ITERATOR_CONSTRUCTED,
103 ASN1_SEQUENCE = ASN1_TAG_SEQUENCE,
106static enum asn1_iterator_result
114 if (asn1_get_tag_der(der->data, der->data_end - der->data, &cls, &len, &tag) != ASN1_SUCCESS)
115 return ASN1_ITERATOR_ERROR;
118 l = asn1_get_length_der(der->data, der->data_end - der->data, &len);
120 return ASN1_ITERATOR_ERROR;
123 if (cls == ASN1_CLASS_STRUCTURED)
124 return ASN1_ITERATOR_CONSTRUCTED;
125 return ASN1_ITERATOR_PRIMITIVE;
128static enum asn1_iterator_result
129asn1_der_iterator_first(
struct asn1_der_iterator *der,
int size,
const void *der_buf)
131 der->data = (
const unsigned char *) der_buf;
132 der->data_end = der->data + size;
134 return asn1_der_iterator_next(der);
160 enum asn1_iterator_result ret;
162 ret = asn1_der_iterator_next(der);
163 if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)
165 gcry_mpi_scan(&key->n->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);
166 key->size = (gcry_mpi_get_nbits(key->n->num)+7)/8;
167 der->data += der->length;
169 ret = asn1_der_iterator_next(der);
170 if (ret != ASN1_ITERATOR_PRIMITIVE || der->type != ASN1_TAG_INTEGER)
172 gcry_mpi_scan(&key->e->num, GCRYMPI_FMT_USG, der->data, der->length, NULL);
178sha1(uint8_t *hash,
const void *data,
size_t len)
180 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, data, len);
184sha1(uint8_t *hash,
const void *data,
size_t len)
188 sha1_update(&ctx, len, (
const uint8_t *) data);
189 sha1_digest(&ctx, 20, hash);
194#define dumpl(b,l) tdsdump_dump_buf(TDS_DBG_INFO1, #b, b, l)
196#define dumpl(b,l) do {} while(0)
198#define dump(b) dumpl(b, sizeof(b))
201#define hash_func sha1
202enum { hash_len = 20 };
203enum { key_size_max = 1024 };
204static const char label[] =
"";
207memxor(uint8_t *dest,
const uint8_t *src,
size_t len)
210 for (n = 0; n < len; ++n)
211 dest[n] = dest[n] ^ src[n];
215mgf_mask(uint8_t *dest,
size_t dest_len,
const uint8_t *mask,
size_t mask_len)
218 uint8_t hash[hash_len];
219 uint8_t seed[mask_len + 4];
221 memcpy(seed, mask, mask_len);
224 TDS_PUT_UA4BE(seed+mask_len, n);
226 hash_func(hash, seed,
sizeof(seed));
227 if (dest_len <= hash_len) {
228 memxor(dest, hash, dest_len);
232 memxor(dest, hash, hash_len);
234 dest_len -= hash_len;
240oaep_encrypt(
size_t key_size,
size_t length,
const uint8_t *message,
mpz_t m)
245 uint8_t ros[hash_len];
246 uint8_t db[key_size_max - hash_len - 1];
248 const unsigned db_len = key_size - hash_len - 1;
250 if (length + hash_len * 2 + 2 > key_size)
255 memset(&em, 0,
sizeof(em));
256 hash_func(em.db, label, strlen(label));
257 em.all[key_size - length - 1] = 0x1;
258 memcpy(em.all+(key_size - length), message, length);
259 dumpl(em.db, db_len);
262 tds_random_buffer(em.ros, hash_len);
266 mgf_mask(em.db, db_len, em.ros, hash_len);
267 dumpl(em.db, db_len);
270 mgf_mask(em.ros, hash_len, em.db, db_len);
273 nettle_mpz_set_str_256_u(m, key_size, em.all);
280 size_t length,
const uint8_t *message,
mpz_t gibberish)
282 if (!oaep_encrypt(key->size, length, message, gibberish))
285 mpz_powm(gibberish, gibberish, key->e, key->n);
290tds5_rsa_encrypt(
const void *key,
size_t key_len,
const void *nonce,
size_t nonce_len,
const char *pwd,
size_t *em_size)
294 gnutls_datum_t pubkey_datum = { (
unsigned char *) key, key_len };
298 size_t message_len, pwd_len;
300 unsigned char der_buf[2048];
301 size_t size =
sizeof(der_buf);
304 rsa_public_key_init(&pubkey);
306 pwd_len = strlen(pwd);
307 message_len = nonce_len + pwd_len;
308 message = tds_new(uint8_t, message_len);
311 memcpy(message, nonce, nonce_len);
312 memcpy(message + nonce_len, pwd, pwd_len);
316 ret = gnutls_pem_base64_decode(
"RSA PUBLIC KEY", &pubkey_datum, der_buf, &size);
318 tdsdump_log(TDS_DBG_ERROR,
"Error %d decoding public key: %s\n", ret, gnutls_strerror(ret));
323 ret = asn1_der_iterator_first(&der, size, der_buf);
324 if (ret != ASN1_ITERATOR_CONSTRUCTED || der.type != ASN1_SEQUENCE) {
325 tdsdump_log(TDS_DBG_ERROR,
"Invalid DER content\n");
329 ret = rsa_public_key_from_der_iterator(&pubkey, key_size_max * 8, &der);
331 tdsdump_log(TDS_DBG_ERROR,
"Invalid DER content\n");
336 ret = rsa_encrypt_oaep(&pubkey, message_len, message, p);
338 tdsdump_log(TDS_DBG_ERROR,
"Error encrypting message\n");
342 em = tds_new(uint8_t, pubkey.size);
343 *em_size = pubkey.size;
347 nettle_mpz_get_str_256(pubkey.size, em, p);
349 tdsdump_dump_buf(TDS_DBG_INFO1,
"em", em, pubkey.size);
353 rsa_public_key_clear(&pubkey);
Definition sec_negotiate_gnutls.h:59
Definition sec_negotiate_gnutls.h:89
Definition sec_negotiate_gnutls.h:137