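// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

#ifndef BOINC_CRYPT_H
#define BOINC_CRYPT_H

// We're set up to use either RSAEuro or the OpenSSL crypto library.
// We use our own data structures (R_RSA_PUBLIC_KEY and R_RSA_PRIVATE_KEY)
// to store keys in either case.

#include <cstdio>

#include <openssl/rsa.h>

// OpenSSL 1.1.0 made the EVP_PKEY and RSA/DSA/DH structures opaque;
// code guarded by these macros must go through the accessor functions
// instead of touching struct members directly.
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL 1.1.0+ */
#define HAVE_OPAQUE_EVP_PKEY 1     /* since 1.1.0 -pre3 */
#define HAVE_OPAQUE_RSA_DSA_DH 1   /* since 1.1.0 -pre5 */
#endif

// Upper bound on the RSA modulus that the fixed-size key structs below
// can hold. Anything that fills these structs from an external key
// (OpenSSL objects, key files) must reject bits > MAX_RSA_MODULUS_BITS
// before copying, or it will write past the arrays.
#define MAX_RSA_MODULUS_BITS 1024
#define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
#define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
#define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8)

// RSA public key in BOINC's own binary layout.
// The byte order of the big integers is not specified here; presumably
// big-endian as in RSAEuro — confirm against openssl_to_keys().
typedef struct {
    unsigned short int bits;                     /* length in bits of modulus */
    unsigned char modulus[MAX_RSA_MODULUS_LEN];  /* modulus */
    unsigned char exponent[MAX_RSA_MODULUS_LEN]; /* public exponent */
} R_RSA_PUBLIC_KEY;

// RSA private key in BOINC's own binary layout, including the CRT
// parameters. This struct holds secret material: callers should wipe it
// (with a memset the compiler cannot elide) once it is no longer needed.
typedef struct {
    unsigned short int bits;                           /* length in bits of modulus */
    unsigned char modulus[MAX_RSA_MODULUS_LEN];        /* modulus */
    unsigned char publicExponent[MAX_RSA_MODULUS_LEN]; /* public exponent */
    unsigned char exponent[MAX_RSA_MODULUS_LEN];       /* private exponent */
    unsigned char prime[2][MAX_RSA_PRIME_LEN];         /* prime factors */
    unsigned char primeExponent[2][MAX_RSA_PRIME_LEN]; /* exponents for CRT */
    unsigned char coefficient[MAX_RSA_PRIME_LEN];      /* CRT coefficient */
} R_RSA_PRIVATE_KEY;

// functions to convert between OpenSSL's keys (using BIGNUMs)
// and our binary format

// Fill both priv and pub from the OpenSSL key rp; nbits is the modulus
// size in bits.
extern void openssl_to_keys(
    RSA* rp, int nbits, R_RSA_PRIVATE_KEY& priv, R_RSA_PUBLIC_KEY& pub
);
extern void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp);
extern void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp);
// Unlike the three above this one reports a status; the meaning of the
// return code is not documented here — confirm in the implementation.
extern int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to);

// Header of a key as handled by the *_key_hex() routines.
// data[] is declared with one element but the real key bytes presumably
// follow the struct in memory (the routines take an explicit len), so do
// not declare a KEY on the stack expecting it to hold a whole key.
struct KEY {
    unsigned short int bits;
    unsigned char data[1];
};

// A borrowed (non-owning) pointer/length pair for binary data.
struct DATA_BLOCK {
    unsigned char* data;
    unsigned int len;
};

// Parenthesized: this macro is used inside arithmetic below
// (SIGNATURE_SIZE_BINARY*2), where the unparenthesized form
// "MAX_RSA_MODULUS_LEN+1" expanded to MAX_RSA_MODULUS_LEN + 1*2 + 20
// and silently undersized SIGNATURE_SIZE_TEXT.
#define MIN_OUT_BUFFER_SIZE (MAX_RSA_MODULUS_LEN+1)

// the size of a binary signature (encrypted MD5)
// NOTE(review): the digest under the signature is MD5, so the integrity
// guarantee is bounded by the strength of a collision-weak hash.
//
#define SIGNATURE_SIZE_BINARY MIN_OUT_BUFFER_SIZE

// size of text-encoded signature: two hex characters per byte, plus
// slack (presumably for line breaks and the NUL terminator).
#define SIGNATURE_SIZE_TEXT (SIGNATURE_SIZE_BINARY*2+20)

// Write x as hex text into p; p must be at least SIGNATURE_SIZE_TEXT-style
// sized for its input (2*len plus slack) — the function is not told the
// buffer size.
extern int sprint_hex_data(char* p, DATA_BLOCK&);

// Under FastCGI the build redefines FILE as FCGI_FILE; restore the real
// stdio FILE around these prototypes so they match the plain-stdio
// implementation, then put the FastCGI definition back.
#ifdef _USING_FCGI_
#undef FILE
#endif
extern int print_hex_data(FILE* f, DATA_BLOCK&);
extern int scan_hex_data(FILE* f, DATA_BLOCK&);
extern int print_key_hex(FILE*, KEY* key, int len);
extern int scan_key_hex(FILE*, KEY* key, int len);
#ifdef _USING_FCGI_
#define FILE FCGI_FILE
#endif

// Parse a hex-encoded key from a string into key; len bounds the key buffer.
extern int sscan_key_hex(const char*, KEY* key, int len);

// Raw RSA operations with the private (sign) / public (verify) key.
// out must provide at least MIN_OUT_BUFFER_SIZE bytes.
extern int encrypt_private(
    R_RSA_PRIVATE_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out
);
extern int decrypt_public(
    R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out
);

// Sign the file at path (or the block) and store the binary signature.
extern int sign_file(
    const char* path, R_RSA_PRIVATE_KEY&, DATA_BLOCK& signature
);
extern int sign_block(
    DATA_BLOCK& data, R_RSA_PRIVATE_KEY&, DATA_BLOCK& signature
);

// Signature checks. The trailing bool& receives the verdict; the int
// return presumably reports whether the check could be performed at all.
// Callers must test both: a nonzero return means "unknown", not "valid".
// The *2 variants take the signature and key as text.
extern int check_file_signature(
    const char* md5, R_RSA_PUBLIC_KEY&, DATA_BLOCK& signature, bool&
);
extern int check_file_signature2(
    const char* md5, const char* signature, const char* key, bool&
);
extern int check_string_signature(
    const char* text, const char* signature, R_RSA_PUBLIC_KEY&, bool&
);
extern int check_string_signature2(
    const char* text, const char* signature, const char* key, bool&
);
extern int print_raw_data(FILE* f, DATA_BLOCK& x);
extern int scan_raw_data(FILE *f, DATA_BLOCK& x);

// Load a private key from keyfile into key.
extern int read_key_file(const char* keyfile, R_RSA_PRIVATE_KEY& key);

// Sign text_to_sign and write the hex-encoded signature to signature_hex;
// the output buffer should hold at least SIGNATURE_SIZE_TEXT bytes
// (the function is not told its size).
extern int generate_signature(
    char* text_to_sign, char* signature_hex, R_RSA_PRIVATE_KEY& key
);

// Check if sfileMsg (of length sfsize) has been created from sha1_md using the
// private key belonging to the public key file cFile
// Return:
//   1: YES
//   0: NO or error
// Note that 0 covers both a bad signature and a failure to perform the
// check (e.g. an unreadable cFile); callers cannot tell the two apart.
extern int check_validity_of_cert(
    const char *cFile, const unsigned char *sha1_md,
    unsigned char *sfileMsg, const int sfsize, const char* caPath
);

// Ownership and lifetime of the returned string are not documented here —
// confirm in the implementation whether the caller must free it.
extern char *check_validity(const char *certPath, const char *origFile,
    unsigned char *signature, char* caPath
);

struct CERT_SIGS;

// Verify origFile against the given signature set, using certificates
// found under trustLocation.
int cert_verify_file(
    CERT_SIGS* signatures, const char* origFile, const char* trustLocation
);
#endif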