summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormadmaxoft <github@xoft.cz>2014-04-29 11:04:54 +0200
committermadmaxoft <github@xoft.cz>2014-04-29 11:04:54 +0200
commitec33bbe2949010e1ed377b9dcc1ace56a0126bfe (patch)
treed6414c36a96b1ab361337ff1636b67f0b5b5a95f
parentMerged branch 'master' into SslWrappers. (diff)
downloadcuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar.gz
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar.bz2
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar.lz
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar.xz
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.tar.zst
cuberite-ec33bbe2949010e1ed377b9dcc1ace56a0126bfe.zip
-rw-r--r--src/Crypto.cpp174
-rw-r--r--src/Crypto.h43
-rw-r--r--src/PolarSSL++/CMakeLists.txt2
-rw-r--r--src/PolarSSL++/CtrDrbgContext.h8
-rw-r--r--src/PolarSSL++/RsaPrivateKey.cpp173
-rw-r--r--src/PolarSSL++/RsaPrivateKey.h59
-rw-r--r--src/Protocol/Protocol132.cpp2
-rw-r--r--src/Protocol/Protocol17x.cpp2
-rw-r--r--src/Server.h6
9 files changed, 244 insertions, 225 deletions
diff --git a/src/Crypto.cpp b/src/Crypto.cpp
index 16be5ec35..dd8787293 100644
--- a/src/Crypto.cpp
+++ b/src/Crypto.cpp
@@ -55,180 +55,6 @@ public:
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// cRSAPrivateKey:
-cRSAPrivateKey::cRSAPrivateKey(void)
-{
- rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
- InitRnd();
-}
-
-
-
-
-
-cRSAPrivateKey::cRSAPrivateKey(const cRSAPrivateKey & a_Other)
-{
- rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
- rsa_copy(&m_Rsa, &a_Other.m_Rsa);
- InitRnd();
-}
-
-
-
-
-
-cRSAPrivateKey::~cRSAPrivateKey()
-{
- entropy_free(&m_Entropy);
- rsa_free(&m_Rsa);
-}
-
-
-
-
-
-void cRSAPrivateKey::InitRnd(void)
-{
- entropy_init(&m_Entropy);
- const unsigned char pers[] = "rsa_genkey";
- ctr_drbg_init(&m_Ctr_drbg, entropy_func, &m_Entropy, pers, sizeof(pers) - 1);
-}
-
-
-
-
-
-bool cRSAPrivateKey::Generate(unsigned a_KeySizeBits)
-{
- if (rsa_gen_key(&m_Rsa, ctr_drbg_random, &m_Ctr_drbg, a_KeySizeBits, 65537) != 0)
- {
- // Key generation failed
- return false;
- }
-
- return true;
-}
-
-
-
-
-
-AString cRSAPrivateKey::GetPubKeyDER(void)
-{
- class cPubKey
- {
- public:
- cPubKey(rsa_context * a_Rsa) :
- m_IsValid(false)
- {
- pk_init(&m_Key);
- if (pk_init_ctx(&m_Key, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
- {
- ASSERT(!"Cannot init PrivKey context");
- return;
- }
- if (rsa_copy(pk_rsa(m_Key), a_Rsa) != 0)
- {
- ASSERT(!"Cannot copy PrivKey to PK context");
- return;
- }
- m_IsValid = true;
- }
-
- ~cPubKey()
- {
- if (m_IsValid)
- {
- pk_free(&m_Key);
- }
- }
-
- operator pk_context * (void) { return &m_Key; }
-
- protected:
- bool m_IsValid;
- pk_context m_Key;
- } PkCtx(&m_Rsa);
-
- unsigned char buf[3000];
- int res = pk_write_pubkey_der(PkCtx, buf, sizeof(buf));
- if (res < 0)
- {
- return AString();
- }
- return AString((const char *)(buf + sizeof(buf) - res), (size_t)res);
-}
-
-
-
-
-
-int cRSAPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
-{
- if (a_EncryptedLength < m_Rsa.len)
- {
- LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
- __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
- );
- ASSERT(!"Invalid a_DecryptedMaxLength!");
- return -1;
- }
- if (a_DecryptedMaxLength < m_Rsa.len)
- {
- LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
- __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
- );
- ASSERT(!"Invalid a_DecryptedMaxLength!");
- return -1;
- }
- size_t DecryptedLength;
- int res = rsa_pkcs1_decrypt(
- &m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE, &DecryptedLength,
- a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
- );
- if (res != 0)
- {
- return -1;
- }
- return (int)DecryptedLength;
-}
-
-
-
-
-
-int cRSAPrivateKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
-{
- if (a_EncryptedMaxLength < m_Rsa.len)
- {
- LOGD("%s: Invalid a_EncryptedMaxLength: got %u, exp at least %u",
- __FUNCTION__, (unsigned)a_EncryptedMaxLength, (unsigned)(m_Rsa.len)
- );
- ASSERT(!"Invalid a_DecryptedMaxLength!");
- return -1;
- }
- if (a_PlainLength < m_Rsa.len)
- {
- LOGD("%s: Invalid a_PlainLength: got %u, exp at least %u",
- __FUNCTION__, (unsigned)a_PlainLength, (unsigned)(m_Rsa.len)
- );
- ASSERT(!"Invalid a_PlainLength!");
- return -1;
- }
- int res = rsa_pkcs1_encrypt(
- &m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE,
- a_PlainLength, a_PlainData, a_EncryptedData
- );
- if (res != 0)
- {
- return -1;
- }
- return (int)m_Rsa.len;
-}
-
-
-
-
-
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// cPublicKey:
diff --git a/src/Crypto.h b/src/Crypto.h
index a9ec2c6d4..24f246897 100644
--- a/src/Crypto.h
+++ b/src/Crypto.h
@@ -20,49 +20,6 @@
-/** Encapsulates an RSA private key used in PKI cryptography */
-class cRSAPrivateKey
-{
-public:
- /** Creates a new empty object, the key is not assigned */
- cRSAPrivateKey(void);
-
- /** Deep-copies the key from a_Other */
- cRSAPrivateKey(const cRSAPrivateKey & a_Other);
-
- ~cRSAPrivateKey();
-
- /** Generates a new key within this object, with the specified size in bits.
- Returns true on success, false on failure. */
- bool Generate(unsigned a_KeySizeBits = 1024);
-
- /** Returns the public key part encoded in ASN1 DER encoding */
- AString GetPubKeyDER(void);
-
- /** Decrypts the data using RSAES-PKCS#1 algorithm.
- Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
- Returns the number of bytes decrypted, or negative number for error. */
- int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
-
- /** Encrypts the data using RSAES-PKCS#1 algorithm.
- Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
- Returns the number of bytes decrypted, or negative number for error. */
- int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
-
-protected:
- rsa_context m_Rsa;
- entropy_context m_Entropy;
- ctr_drbg_context m_Ctr_drbg;
-
- /** Initializes the m_Entropy and m_Ctr_drbg contexts
- Common part of this object's construction, called from all constructors. */
- void InitRnd(void);
-} ;
-
-
-
-
-
class cPublicKey
{
public:
diff --git a/src/PolarSSL++/CMakeLists.txt b/src/PolarSSL++/CMakeLists.txt
index 0493baba4..ebdd52de5 100644
--- a/src/PolarSSL++/CMakeLists.txt
+++ b/src/PolarSSL++/CMakeLists.txt
@@ -10,6 +10,7 @@ set(SOURCES
"CallbackSslContext.cpp"
"CtrDrbgContext.cpp"
"EntropyContext.cpp"
+ "RsaPrivateKey.cpp"
"SslContext.cpp"
"X509Cert.cpp"
)
@@ -20,6 +21,7 @@ set(HEADERS
"CallbackSslContext.h"
"CtrDrbgContext.h"
"EntropyContext.h"
+ "RsaPrivateKey.h"
"SslContext.h"
"X509Cert.h"
)
diff --git a/src/PolarSSL++/CtrDrbgContext.h b/src/PolarSSL++/CtrDrbgContext.h
index e9a1e17e2..817222a53 100644
--- a/src/PolarSSL++/CtrDrbgContext.h
+++ b/src/PolarSSL++/CtrDrbgContext.h
@@ -25,6 +25,7 @@ class cEntropyContext;
class cCtrDrbgContext
{
friend class cSslContext;
+ friend class cRsaPrivateKey;
public:
/** Constructs the context with a new entropy context. */
@@ -41,9 +42,6 @@ public:
/** Returns true if the object is valid (has been initialized properly) */
bool IsValid(void) const { return m_IsValid; }
- /** Returns the internal context ptr. Only use in PolarSSL API calls. */
- OBSOLETE ctr_drbg_context * Get(void) { return &m_CtrDrbg; }
-
protected:
/** The entropy source used for generating the random */
SharedPtr<cEntropyContext> m_EntropyContext;
@@ -53,6 +51,10 @@ protected:
/** Set to true if the object is valid (has been initialized properly) */
bool m_IsValid;
+
+
+ /** Returns the internal context ptr. Only use in PolarSSL API calls. */
+ ctr_drbg_context * GetInternal(void) { return &m_CtrDrbg; }
} ;
diff --git a/src/PolarSSL++/RsaPrivateKey.cpp b/src/PolarSSL++/RsaPrivateKey.cpp
new file mode 100644
index 000000000..d042139cf
--- /dev/null
+++ b/src/PolarSSL++/RsaPrivateKey.cpp
@@ -0,0 +1,173 @@
+
+// RsaPrivateKey.cpp
+
+#include "Globals.h"
+#include "RsaPrivateKey.h"
+#include "CtrDrbgContext.h"
+#include "polarssl/pk.h"
+
+
+
+
+
+
+cRsaPrivateKey::cRsaPrivateKey(void)
+{
+ rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
+}
+
+
+
+
+
+cRsaPrivateKey::cRsaPrivateKey(const cRsaPrivateKey & a_Other)
+{
+ rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
+ rsa_copy(&m_Rsa, &a_Other.m_Rsa);
+}
+
+
+
+
+
+cRsaPrivateKey::~cRsaPrivateKey()
+{
+ rsa_free(&m_Rsa);
+}
+
+
+
+
+
+bool cRsaPrivateKey::Generate(unsigned a_KeySizeBits)
+{
+ if (rsa_gen_key(&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), a_KeySizeBits, 65537) != 0)
+ {
+ // Key generation failed
+ return false;
+ }
+
+ return true;
+}
+
+
+
+
+
+AString cRsaPrivateKey::GetPubKeyDER(void)
+{
+ class cPubKey
+ {
+ public:
+ cPubKey(rsa_context * a_Rsa) :
+ m_IsValid(false)
+ {
+ pk_init(&m_Key);
+ if (pk_init_ctx(&m_Key, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
+ {
+ ASSERT(!"Cannot init PrivKey context");
+ return;
+ }
+ if (rsa_copy(pk_rsa(m_Key), a_Rsa) != 0)
+ {
+ ASSERT(!"Cannot copy PrivKey to PK context");
+ return;
+ }
+ m_IsValid = true;
+ }
+
+ ~cPubKey()
+ {
+ if (m_IsValid)
+ {
+ pk_free(&m_Key);
+ }
+ }
+
+ operator pk_context * (void) { return &m_Key; }
+
+ protected:
+ bool m_IsValid;
+ pk_context m_Key;
+ } PkCtx(&m_Rsa);
+
+ unsigned char buf[3000];
+ int res = pk_write_pubkey_der(PkCtx, buf, sizeof(buf));
+ if (res < 0)
+ {
+ return AString();
+ }
+ return AString((const char *)(buf + sizeof(buf) - res), (size_t)res);
+}
+
+
+
+
+
+int cRsaPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
+{
+ if (a_EncryptedLength < m_Rsa.len)
+ {
+ LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
+ __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
+ );
+ ASSERT(!"Invalid a_DecryptedMaxLength!");
+ return -1;
+ }
+ if (a_DecryptedMaxLength < m_Rsa.len)
+ {
+ LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
+ __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
+ );
+ ASSERT(!"Invalid a_DecryptedMaxLength!");
+ return -1;
+ }
+ size_t DecryptedLength;
+ int res = rsa_pkcs1_decrypt(
+ &m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE, &DecryptedLength,
+ a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
+ );
+ if (res != 0)
+ {
+ return -1;
+ }
+ return (int)DecryptedLength;
+}
+
+
+
+
+
+int cRsaPrivateKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
+{
+ if (a_EncryptedMaxLength < m_Rsa.len)
+ {
+ LOGD("%s: Invalid a_EncryptedMaxLength: got %u, exp at least %u",
+ __FUNCTION__, (unsigned)a_EncryptedMaxLength, (unsigned)(m_Rsa.len)
+ );
+ ASSERT(!"Invalid a_DecryptedMaxLength!");
+ return -1;
+ }
+ if (a_PlainLength < m_Rsa.len)
+ {
+ LOGD("%s: Invalid a_PlainLength: got %u, exp at least %u",
+ __FUNCTION__, (unsigned)a_PlainLength, (unsigned)(m_Rsa.len)
+ );
+ ASSERT(!"Invalid a_PlainLength!");
+ return -1;
+ }
+ int res = rsa_pkcs1_encrypt(
+ &m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE,
+ a_PlainLength, a_PlainData, a_EncryptedData
+ );
+ if (res != 0)
+ {
+ return -1;
+ }
+ return (int)m_Rsa.len;
+}
+
+
+
+
+
diff --git a/src/PolarSSL++/RsaPrivateKey.h b/src/PolarSSL++/RsaPrivateKey.h
new file mode 100644
index 000000000..ffacde11b
--- /dev/null
+++ b/src/PolarSSL++/RsaPrivateKey.h
@@ -0,0 +1,59 @@
+
+// RsaPrivateKey.h
+
+// Declares the cRsaPrivateKey class representing a private key for RSA operations.
+
+
+
+
+
+#pragma once
+
+#include "CtrDrbgContext.h"
+#include "polarssl/rsa.h"
+
+
+
+
+
+/** Encapsulates an RSA private key used in PKI cryptography */
+class cRsaPrivateKey
+{
+public:
+ /** Creates a new empty object, the key is not assigned */
+ cRsaPrivateKey(void);
+
+ /** Deep-copies the key from a_Other */
+ cRsaPrivateKey(const cRsaPrivateKey & a_Other);
+
+ ~cRsaPrivateKey();
+
+ /** Generates a new key within this object, with the specified size in bits.
+ Returns true on success, false on failure. */
+ bool Generate(unsigned a_KeySizeBits = 1024);
+
+ /** Returns the public key part encoded in ASN1 DER encoding */
+ AString GetPubKeyDER(void);
+
+ /** Decrypts the data using RSAES-PKCS#1 algorithm.
+ Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
+ Returns the number of bytes decrypted, or negative number for error. */
+ int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
+
+ /** Encrypts the data using RSAES-PKCS#1 algorithm.
+ Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
+ Returns the number of bytes decrypted, or negative number for error. */
+ int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
+
+protected:
+ /** The PolarSSL key context */
+ rsa_context m_Rsa;
+
+ /** The random generator used for generating the key and encryption / decryption */
+ cCtrDrbgContext m_CtrDrbg;
+} ;
+
+
+
+
+
diff --git a/src/Protocol/Protocol132.cpp b/src/Protocol/Protocol132.cpp
index 53d8c1561..acfa5e811 100644
--- a/src/Protocol/Protocol132.cpp
+++ b/src/Protocol/Protocol132.cpp
@@ -819,7 +819,7 @@ void cProtocol132::SendEncryptionKeyRequest(void)
void cProtocol132::HandleEncryptionKeyResponse(const AString & a_EncKey, const AString & a_EncNonce)
{
// Decrypt EncNonce using privkey
- cRSAPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
+ cRsaPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
Int32 DecryptedNonce[MAX_ENC_LEN / sizeof(Int32)];
int res = rsaDecryptor.Decrypt((const Byte *)a_EncNonce.data(), a_EncNonce.size(), (Byte *)DecryptedNonce, sizeof(DecryptedNonce));
diff --git a/src/Protocol/Protocol17x.cpp b/src/Protocol/Protocol17x.cpp
index a04d8ac3c..001b8c219 100644
--- a/src/Protocol/Protocol17x.cpp
+++ b/src/Protocol/Protocol17x.cpp
@@ -1690,7 +1690,7 @@ void cProtocol172::HandlePacketLoginEncryptionResponse(cByteBuffer & a_ByteBuffe
}
// Decrypt EncNonce using privkey
- cRSAPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
+ cRsaPrivateKey & rsaDecryptor = cRoot::Get()->GetServer()->GetPrivateKey();
Int32 DecryptedNonce[MAX_ENC_LEN / sizeof(Int32)];
int res = rsaDecryptor.Decrypt((const Byte *)EncNonce.data(), EncNonce.size(), (Byte *)DecryptedNonce, sizeof(DecryptedNonce));
if (res != 4)
diff --git a/src/Server.h b/src/Server.h
index 51c450ebd..3d76c8ccf 100644
--- a/src/Server.h
+++ b/src/Server.h
@@ -23,7 +23,7 @@
#pragma warning(disable:4702)
#endif
-#include "Crypto.h"
+#include "PolarSSL++/RsaPrivateKey.h"
#ifdef _MSC_VER
#pragma warning(pop)
@@ -109,7 +109,7 @@ public: // tolua_export
/** Returns base64 encoded favicon data (obtained from favicon.png) */
const AString & GetFaviconData(void) const { return m_FaviconData; }
- cRSAPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
+ cRsaPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
const AString & GetPublicKeyDER(void) const { return m_PublicKeyDER; }
bool ShouldAuthenticate(void) const { return m_ShouldAuthenticate; }
@@ -182,7 +182,7 @@ private:
bool m_bRestarting;
/** The private key used for the assymetric encryption start in the protocols */
- cRSAPrivateKey m_PrivateKey;
+ cRsaPrivateKey m_PrivateKey;
/** Public key for m_PrivateKey, ASN1-DER-encoded */
AString m_PublicKeyDER;