From cba6630aa01dc4b428ff7c7c6a2e9ded26d6812a Mon Sep 17 00:00:00 2001 From: Geoffrey McRae Date: Tue, 22 May 2018 09:39:03 +1000 Subject: [PATCH] [spice] relocate openssl code into seperate function This is in preparation for switching to an alternative SSL library as OpenSSL conflicts with the GNU licence. --- client/Makefile | 1 + client/spice/rsa.c | 74 ++++++++++++++++++++++++++++++++++++++++++++ client/spice/rsa.h | 30 ++++++++++++++++++ client/spice/spice.c | 39 +++++------------------ 4 files changed, 112 insertions(+), 32 deletions(-) create mode 100644 client/spice/rsa.c create mode 100644 client/spice/rsa.h diff --git a/client/Makefile b/client/Makefile index f53b8965..30ddb47b 100644 --- a/client/Makefile +++ b/client/Makefile @@ -17,6 +17,7 @@ CFLAGS += -DBUILD_VERSION='"$(shell git describe --always --long --dirty --abbr OBJS = main.o \ lg-renderer.o \ + spice/rsa.o \ spice/spice.o \ parsers/nal.o \ decoders/null.o \ diff --git a/client/spice/rsa.c b/client/spice/rsa.c new file mode 100644 index 00000000..e86a727d --- /dev/null +++ b/client/spice/rsa.c 
@@ -0,0 +1,74 @@
+/*
+Looking Glass - KVM FrameRelay (KVMFR) Client
+Copyright (C) 2017 Geoffrey McRae
+https://looking-glass.hostfission.com
+
+This program is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#include "rsa.h"
+#include "debug.h"
+
+#include
+#include
+
+#include
+#include
+#include
+
+bool spice_rsa_encrypt_password(uint8_t * pub_key, char * password, struct spice_password * result)
+{
+ BIO *bioKey = BIO_new(BIO_s_mem());
+ if (!bioKey)
+ {
+ DEBUG_ERROR("failed to allocate bioKey");
+ return false;
+ }
+
+ BIO_write(bioKey, pub_key, SPICE_TICKET_PUBKEY_BYTES);
+ EVP_PKEY *rsaKey = d2i_PUBKEY_bio(bioKey, NULL);
+ RSA *rsa = EVP_PKEY_get1_RSA(rsaKey);
+
+ result->size = RSA_size(rsa);
+ result->data = (char *)malloc(result->size);
+
+ if (RSA_public_encrypt(
+ strlen(password) + 1,
+ (uint8_t*)password,
+ (uint8_t*)result->data,
+ rsa,
+ RSA_PKCS1_OAEP_PADDING
+ ) <= 0)
+ {
+ free(result->data);
+ result->size = 0;
+ result->data = NULL;
+
+ DEBUG_ERROR("rsa public encrypt failed");
+ EVP_PKEY_free(rsaKey);
+ BIO_free(bioKey);
+ return false;
+ }
+
+ EVP_PKEY_free(rsaKey);
+ BIO_free(bioKey);
+ return true;
+}
+
+void spice_rsa_free_password(struct spice_password * pass)
+{
+ free(pass->data);
+ pass->size = 0;
+ pass->data = NULL;
+}
\ No newline at end of file
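Review bot: The results of `d2i_PUBKEY_bio()` and `EVP_PKEY_get1_RSA()` in spice_rsa_encrypt_password are used without a NULL check, so a key blob that does not parse reaches `RSA_size(rsa)` with a null pointer. The caller in spice.c passes `reply.pub_key`, which appears to come straight from the peer's link reply, so the bytes should be treated as untrusted. The `RSA *` handed back by the get1 call is a separate reference that is never released with `RSA_free()`, which leaks a key object on every call, and the `malloc()` result goes to `RSA_public_encrypt()` unchecked. The rewrite below routes every exit after the BIO allocation through one cleanup label and leaves the encrypt call as it is.

```c
bool spice_rsa_encrypt_password(uint8_t * pub_key, char * password, struct spice_password * result)
{
  // … unchanged: bioKey allocation and its failure return …

  bool      ok     = false;
  EVP_PKEY *rsaKey = NULL;
  RSA      *rsa    = NULL;

  result->size = 0;
  result->data = NULL;

  if (BIO_write(bioKey, pub_key, SPICE_TICKET_PUBKEY_BYTES) != SPICE_TICKET_PUBKEY_BYTES)
  {
    DEBUG_ERROR("failed to buffer the public key");
    goto out;
  }

  // the key bytes come from the peer: a blob that does not parse must fail here
  rsaKey = d2i_PUBKEY_bio(bioKey, NULL);
  rsa    = rsaKey ? EVP_PKEY_get1_RSA(rsaKey) : NULL;
  if (!rsa)
  {
    DEBUG_ERROR("failed to parse the public key");
    goto out;
  }

  result->size = RSA_size(rsa);
  result->data = (char *)malloc(result->size);
  if (!result->data)
  {
    result->size = 0;
    DEBUG_ERROR("failed to allocate the ciphertext buffer");
    goto out;
  }

  // … unchanged: RSA_public_encrypt call; its failure branch keeps the free/reset/log and ends in goto out …

  ok = true;

out:
  RSA_free(rsa);          // releases the reference taken by EVP_PKEY_get1_RSA
  EVP_PKEY_free(rsaKey);
  BIO_free(bioKey);
  return ok;
}
```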
diff --git a/client/spice/rsa.h b/client/spice/rsa.h new file mode 100644 index 00000000..a9e4412e --- /dev/null +++ b/client/spice/rsa.h @@ -0,0 +1,30 @@ +/* +Looking Glass - KVM FrameRelay (KVMFR) Client +Copyright (C) 2017 Geoffrey McRae +https://looking-glass.hostfission.com + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 59 Temple +Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include +#include + +struct spice_password +{ + char * data; + unsigned int size; +}; + +bool spice_rsa_encrypt_password(uint8_t * pub_key, char * password, struct spice_password * result); +void spice_rsa_free_password(struct spice_password * pass); \ No newline at end of file diff --git a/client/spice/spice.c b/client/spice/spice.c index 1992f51b..2814c517 100644 --- a/client/spice/spice.c +++ b/client/spice/spice.c @@ -27,10 +27,6 @@ Place, Suite 330, Boston, MA 02111-1307 USA #include #include -#include -#include -#include - #include #include #include @@ -42,6 +38,7 @@ Place, Suite 330, Boston, MA 02111-1307 USA #include #include "messages.h" +#include "rsa.h" #ifdef DEBUG_SPICE_MOUSE #define DEBUG_MOUSE(fmt, args...) DEBUG_PRINT("[M]", fmt, ##args) 
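Review bot: The new header client/spice/rsa.h has no include guard, so a second inclusion in one translation unit would redefine `struct spice_password`; add `#pragma once` or an `#ifndef` guard above the includes. The prototype could take `const uint8_t * pub_key` and `const char * password`, since the implementation in rsa.c only reads through both pointers. A short comment above `spice_rsa_encrypt_password` should state the ownership contract: on success `result->data` is heap-allocated and must be released with `spice_rsa_free_password`, and on failure the caller has nothing to free.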
@@ -584,45 +581,23 @@ bool spice_connect_channel(struct SpiceChannel * channel) spice_read(channel, &capsCommon , sizeof(capsCommon )); spice_read(channel, &capsChannel, sizeof(capsChannel)); - BIO *bioKey = BIO_new(BIO_s_mem()); - if (!bioKey) + struct spice_password pass; + if (!spice_rsa_encrypt_password(reply.pub_key, spice.password, &pass)) { - DEBUG_ERROR("failed to allocate bioKey"); spice_disconnect_channel(channel); return false; } - BIO_write(bioKey, reply.pub_key, SPICE_TICKET_PUBKEY_BYTES); - EVP_PKEY *rsaKey = d2i_PUBKEY_bio(bioKey, NULL); - RSA *rsa = EVP_PKEY_get1_RSA(rsaKey); - - char enc[RSA_size(rsa)]; - if (RSA_public_encrypt( - strlen(spice.password) + 1, - (uint8_t*)spice.password, - (uint8_t*)enc, - rsa, - RSA_PKCS1_OAEP_PADDING - ) <= 0) - { - DEBUG_ERROR("rsa public encrypt failed"); - spice_disconnect_channel(channel); - EVP_PKEY_free(rsaKey); - BIO_free(bioKey); - return false; - } - - ssize_t rsaSize = RSA_size(rsa); - EVP_PKEY_free(rsaKey); - BIO_free(bioKey); - - if (!spice_write(channel, enc, rsaSize)) + if (!spice_write(channel, pass.data, pass.size)) { + spice_rsa_free_password(&pass); DEBUG_ERROR("failed to write encrypted data"); spice_disconnect_channel(channel); return false; } + spice_rsa_free_password(&pass); + uint32_t linkResult; if (!spice_read(channel, &linkResult, sizeof(linkResult))) {