Moved cRsaPrivateKey to PolarSSL++, rewritten using existing objects.

2014-04-29 11:04:54 +02:00 · 2014-04-29 11:04:54 +02:00 · ec33bbe294
commit ec33bbe294
parent 0b16e6821f
9 changed files with 244 additions and 225 deletions
--- a/src/Crypto.cpp
+++ b/src/Crypto.cpp
@ -55,180 +55,6 @@ public:
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // cRSAPrivateKey:

-cRSAPrivateKey::cRSAPrivateKey(void)
-{
-	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
-	InitRnd();
-}
-
-
-
-
-
-cRSAPrivateKey::cRSAPrivateKey(const cRSAPrivateKey & a_Other)
-{
-	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
-	rsa_copy(&m_Rsa, &a_Other.m_Rsa);
-	InitRnd();
-}
-
-
-
-
-
-cRSAPrivateKey::~cRSAPrivateKey()
-{
-	entropy_free(&m_Entropy);
-	rsa_free(&m_Rsa);
-}
-
-
-
-
-
-void cRSAPrivateKey::InitRnd(void)
-{
-	entropy_init(&m_Entropy);
-	const unsigned char pers[] = "rsa_genkey";
-	ctr_drbg_init(&m_Ctr_drbg, entropy_func, &m_Entropy, pers, sizeof(pers) - 1);
-}
-
-
-
-
-
-bool cRSAPrivateKey::Generate(unsigned a_KeySizeBits)
-{
-	if (rsa_gen_key(&m_Rsa, ctr_drbg_random, &m_Ctr_drbg, a_KeySizeBits, 65537) != 0)
-	{
-		// Key generation failed
-		return false;
-	}
-
-	return true;
-}
-
-
-
-
-
-AString cRSAPrivateKey::GetPubKeyDER(void)
-{
-	class cPubKey
-	{
-	public:
-		cPubKey(rsa_context * a_Rsa) :
-			m_IsValid(false)
-		{
-			pk_init(&m_Key);
-			if (pk_init_ctx(&m_Key, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
-			{
-				ASSERT(!"Cannot init PrivKey context");
-				return;
-			}
-			if (rsa_copy(pk_rsa(m_Key), a_Rsa) != 0)
-			{
-				ASSERT(!"Cannot copy PrivKey to PK context");
-				return;
-			}
-			m_IsValid = true;
-		}
-		
-		~cPubKey()
-		{
-			if (m_IsValid)
-			{
-				pk_free(&m_Key);
-			}
-		}
-		
-		operator pk_context * (void) { return &m_Key; }
-		
-	protected:
-		bool m_IsValid;
-		pk_context m_Key;
-	} PkCtx(&m_Rsa);
-	
-	unsigned char buf[3000];
-	int res = pk_write_pubkey_der(PkCtx, buf, sizeof(buf));
-	if (res < 0)
-	{
-		return AString();
-	}
-	return AString((const char *)(buf + sizeof(buf) - res), (size_t)res);
-}
-
-
-
-
-
-int cRSAPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
-{
-	if (a_EncryptedLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
-			__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	if (a_DecryptedMaxLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
-			__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	size_t DecryptedLength;
-	int res = rsa_pkcs1_decrypt(
-		&m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE, &DecryptedLength,
-		a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
-	);
-	if (res != 0)
-	{
-		return -1;
-	}
-	return (int)DecryptedLength;
-}
-
-
-
-
-
-int cRSAPrivateKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
-{
-	if (a_EncryptedMaxLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_EncryptedMaxLength: got %u, exp at least %u",
-			__FUNCTION__, (unsigned)a_EncryptedMaxLength, (unsigned)(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	if (a_PlainLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_PlainLength: got %u, exp at least %u",
-			__FUNCTION__, (unsigned)a_PlainLength, (unsigned)(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_PlainLength!");
-		return -1;
-	}
-	int res = rsa_pkcs1_encrypt(
-		&m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE,
-		a_PlainLength, a_PlainData, a_EncryptedData
-	);
-	if (res != 0)
-	{
-		return -1;
-	}
-	return (int)m_Rsa.len;
-}
-
-
-
-
-
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // cPublicKey:

--- a/src/Crypto.h
+++ b/src/Crypto.h
@ -20,49 +20,6 @@



-/** Encapsulates an RSA private key used in PKI cryptography */
-class cRSAPrivateKey
-{
-public:
-	/** Creates a new empty object, the key is not assigned */
-	cRSAPrivateKey(void);
-	
-	/** Deep-copies the key from a_Other */
-	cRSAPrivateKey(const cRSAPrivateKey & a_Other);
-	
-	~cRSAPrivateKey();
-	
-	/** Generates a new key within this object, with the specified size in bits.
-	Returns true on success, false on failure. */
-	bool Generate(unsigned a_KeySizeBits = 1024);
-	
-	/** Returns the public key part encoded in ASN1 DER encoding */
-	AString GetPubKeyDER(void);
-	
-	/** Decrypts the data using RSAES-PKCS#1 algorithm.
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
-	
-	/** Encrypts the data using RSAES-PKCS#1 algorithm.
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
-	
-protected:
-	rsa_context m_Rsa;
-	entropy_context m_Entropy;
-	ctr_drbg_context m_Ctr_drbg;
-	
-	/** Initializes the m_Entropy and m_Ctr_drbg contexts
-	Common part of this object's construction, called from all constructors. */
-	void InitRnd(void);
-} ;
-
-
-
-
-
 class cPublicKey
 {
 public:
--- a/src/PolarSSL++/CMakeLists.txt
+++ b/src/PolarSSL++/CMakeLists.txt
@ -10,6 +10,7 @@ set(SOURCES
 	"CallbackSslContext.cpp"
 	"CtrDrbgContext.cpp"
 	"EntropyContext.cpp"
+	"RsaPrivateKey.cpp"
 	"SslContext.cpp"
 	"X509Cert.cpp"
 )
@ -20,6 +21,7 @@ set(HEADERS
 	"CallbackSslContext.h"
 	"CtrDrbgContext.h"
 	"EntropyContext.h"
+	"RsaPrivateKey.h"
 	"SslContext.h"
 	"X509Cert.h"
 )
--- a/src/PolarSSL++/CtrDrbgContext.h
+++ b/src/PolarSSL++/CtrDrbgContext.h
@ -25,6 +25,7 @@ class cEntropyContext;
 class cCtrDrbgContext
 {
 	friend class cSslContext;
+	friend class cRsaPrivateKey;
 	
 public:
 	/** Constructs the context with a new entropy context. */
@ -41,9 +42,6 @@ public:
 	/** Returns true if the object is valid (has been initialized properly) */
 	bool IsValid(void) const { return m_IsValid; }
 	
-	/** Returns the internal context ptr. Only use in PolarSSL API calls. */
-	OBSOLETE ctr_drbg_context * Get(void) { return &m_CtrDrbg; }
-	
 protected:
 	/** The entropy source used for generating the random */
 	SharedPtr<cEntropyContext> m_EntropyContext;
@ -53,6 +51,10 @@ protected:
 	
 	/** Set to true if the object is valid (has been initialized properly) */
 	bool m_IsValid;
+
+
+	/** Returns the internal context ptr. Only use in PolarSSL API calls. */
+	ctr_drbg_context * GetInternal(void) { return &m_CtrDrbg; }
 } ;


--- a/src/PolarSSL++/RsaPrivateKey.cpp
+++ b/src/PolarSSL++/RsaPrivateKey.cpp
@ -0,0 +1,173 @@
+
+// RsaPrivateKey.cpp
+
+#include "Globals.h"
+#include "RsaPrivateKey.h"
+#include "CtrDrbgContext.h"
+#include "polarssl/pk.h"
+
+
+
+
+
+
+cRsaPrivateKey::cRsaPrivateKey(void)
+{
+	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
+}
+
+
+
+
+
+cRsaPrivateKey::cRsaPrivateKey(const cRsaPrivateKey & a_Other)
+{
+	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
+	rsa_copy(&m_Rsa, &a_Other.m_Rsa);
+}
+
+
+
+
+
+cRsaPrivateKey::~cRsaPrivateKey()
+{
+	rsa_free(&m_Rsa);
+}
+
+
+
+
+
+bool cRsaPrivateKey::Generate(unsigned a_KeySizeBits)
+{
+	if (rsa_gen_key(&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), a_KeySizeBits, 65537) != 0)
+	{
+		// Key generation failed
+		return false;
+	}
+
+	return true;
+}
+
+
+
+
+
+AString cRsaPrivateKey::GetPubKeyDER(void)
+{
+	class cPubKey
+	{
+	public:
+		cPubKey(rsa_context * a_Rsa) :
+			m_IsValid(false)
+		{
+			pk_init(&m_Key);
+			if (pk_init_ctx(&m_Key, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
+			{
+				ASSERT(!"Cannot init PrivKey context");
+				return;
+			}
+			if (rsa_copy(pk_rsa(m_Key), a_Rsa) != 0)
+			{
+				ASSERT(!"Cannot copy PrivKey to PK context");
+				return;
+			}
+			m_IsValid = true;
+		}
+		
+		~cPubKey()
+		{
+			if (m_IsValid)
+			{
+				pk_free(&m_Key);
+			}
+		}
+		
+		operator pk_context * (void) { return &m_Key; }
+		
+	protected:
+		bool m_IsValid;
+		pk_context m_Key;
+	} PkCtx(&m_Rsa);
+	
+	unsigned char buf[3000];
+	int res = pk_write_pubkey_der(PkCtx, buf, sizeof(buf));
+	if (res < 0)
+	{
+		return AString();
+	}
+	return AString((const char *)(buf + sizeof(buf) - res), (size_t)res);
+}
+
+
+
+
+
+int cRsaPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
+{
+	if (a_EncryptedLength < m_Rsa.len)
+	{
+		LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
+			__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
+		);
+		ASSERT(!"Invalid a_DecryptedMaxLength!");
+		return -1;
+	}
+	if (a_DecryptedMaxLength < m_Rsa.len)
+	{
+		LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
+			__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
+		);
+		ASSERT(!"Invalid a_DecryptedMaxLength!");
+		return -1;
+	}
+	size_t DecryptedLength;
+	int res = rsa_pkcs1_decrypt(
+		&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE, &DecryptedLength,
+		a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
+	);
+	if (res != 0)
+	{
+		return -1;
+	}
+	return (int)DecryptedLength;
+}
+
+
+
+
+
+int cRsaPrivateKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
+{
+	if (a_EncryptedMaxLength < m_Rsa.len)
+	{
+		LOGD("%s: Invalid a_EncryptedMaxLength: got %u, exp at least %u",
+			__FUNCTION__, (unsigned)a_EncryptedMaxLength, (unsigned)(m_Rsa.len)
+		);
+		ASSERT(!"Invalid a_DecryptedMaxLength!");
+		return -1;
+	}
+	if (a_PlainLength < m_Rsa.len)
+	{
+		LOGD("%s: Invalid a_PlainLength: got %u, exp at least %u",
+			__FUNCTION__, (unsigned)a_PlainLength, (unsigned)(m_Rsa.len)
+		);
+		ASSERT(!"Invalid a_PlainLength!");
+		return -1;
+	}
+	int res = rsa_pkcs1_encrypt(
+		&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE,
+		a_PlainLength, a_PlainData, a_EncryptedData
+	);
+	if (res != 0)
+	{
+		return -1;
+	}
+	return (int)m_Rsa.len;
+}
+
+
+
+
+
--- a/src/PolarSSL++/RsaPrivateKey.h
+++ b/src/PolarSSL++/RsaPrivateKey.h
@ -0,0 +1,59 @@
+
+// RsaPrivateKey.h
+
+// Declares the cRsaPrivateKey class representing a private key for RSA operations.
+
+
+
+
+
+#pragma once
+
+#include "CtrDrbgContext.h"
+#include "polarssl/rsa.h"
+
+
+
+
+
+/** Encapsulates an RSA private key used in PKI cryptography */
+class cRsaPrivateKey
+{
+public:
+	/** Creates a new empty object, the key is not assigned */
+	cRsaPrivateKey(void);
+	
+	/** Deep-copies the key from a_Other */
+	cRsaPrivateKey(const cRsaPrivateKey & a_Other);
+	
+	~cRsaPrivateKey();
+	
+	/** Generates a new key within this object, with the specified size in bits.
+	Returns true on success, false on failure. */
+	bool Generate(unsigned a_KeySizeBits = 1024);
+	
+	/** Returns the public key part encoded in ASN1 DER encoding */
+	AString GetPubKeyDER(void);
+	
+	/** Decrypts the data using RSAES-PKCS#1 algorithm.
+	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
+	Returns the number of bytes decrypted, or negative number for error. */
+	int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
+	
+	/** Encrypts the data using RSAES-PKCS#1 algorithm.
+	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
+	Returns the number of bytes decrypted, or negative number for error. */
+	int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
+	
+protected:
+	/** The PolarSSL key context */
+	rsa_context m_Rsa;
+
+	/** The random generator used for generating the key and encryption / decryption */
+	cCtrDrbgContext m_CtrDrbg;
+} ;
+
+
+
+
+
--- a/src/Protocol/Protocol132.cpp
+++ b/src/Protocol/Protocol132.cpp
@ -819,7 +819,7 @@ void cProtocol132::SendEncryptionKeyRequest(void)
 void cProtocol132::HandleEncryptionKeyResponse(const AString & a_EncKey, const AString & a_EncNonce)
 {
 	// Decrypt EncNonce using privkey
-	cRSAPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
+	cRsaPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();

 	Int32 DecryptedNonce[MAX_ENC_LEN / sizeof(Int32)];
 	int res = rsaDecryptor.Decrypt((const Byte *)a_EncNonce.data(), a_EncNonce.size(), (Byte *)DecryptedNonce, sizeof(DecryptedNonce));
--- a/src/Protocol/Protocol17x.cpp
+++ b/src/Protocol/Protocol17x.cpp
@ -1690,7 +1690,7 @@ void cProtocol172::HandlePacketLoginEncryptionResponse(cByteBuffer & a_ByteBuffe
 	}

 	// Decrypt EncNonce using privkey
-	cRSAPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
+	cRsaPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
 	Int32 DecryptedNonce[MAX_ENC_LEN / sizeof(Int32)];
 	int res = rsaDecryptor.Decrypt((const Byte *)EncNonce.data(), EncNonce.size(), (Byte *)DecryptedNonce, sizeof(DecryptedNonce));
 	if (res != 4)
--- a/src/Server.h
+++ b/src/Server.h
@ -23,7 +23,7 @@
 	#pragma warning(disable:4702)
 #endif

-#include "Crypto.h"
+#include "PolarSSL++/RsaPrivateKey.h"

 #ifdef _MSC_VER
 	#pragma warning(pop)
@ -109,7 +109,7 @@ public:												// tolua_export
 	/** Returns base64 encoded favicon data (obtained from favicon.png) */
 	const AString & GetFaviconData(void) const { return m_FaviconData; }
 	
-	cRSAPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
+	cRsaPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
 	const AString & GetPublicKeyDER(void) const { return m_PublicKeyDER; }
 	
 	bool ShouldAuthenticate(void) const { return m_ShouldAuthenticate; }
@ -182,7 +182,7 @@ private:
 	bool m_bRestarting;
 	
 	/** The private key used for the assymetric encryption start in the protocols */
-	cRSAPrivateKey m_PrivateKey;
+	cRsaPrivateKey m_PrivateKey;
 	
 	/** Public key for m_PrivateKey, ASN1-DER-encoded */
 	AString m_PublicKeyDER;