From 1587b21edded56dbfb88150500336c2853b460c6 Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Thu, 1 May 2014 15:21:41 +0200 Subject: Renamed cPublicKey to cCryptoKey. The class can hold both the private key and the public key, bad naming on PolarSSL's part. Also somewhat fixed the cert and key loading in cHTTPServer. --- src/HTTPServer/HTTPServer.cpp | 6 +- src/HTTPServer/HTTPServer.h | 6 +- src/HTTPServer/SslHTTPConnection.cpp | 2 +- src/HTTPServer/SslHTTPConnection.h | 8 +- src/PolarSSL++/CryptoKey.cpp | 149 +++++++++++++++++++++++++++++++++++ src/PolarSSL++/CryptoKey.h | 76 ++++++++++++++++++ src/PolarSSL++/CtrDrbgContext.h | 2 +- src/PolarSSL++/PublicKey.cpp | 149 ----------------------------------- src/PolarSSL++/PublicKey.h | 76 ------------------ src/PolarSSL++/SslContext.cpp | 2 +- src/PolarSSL++/SslContext.h | 13 ++- 11 files changed, 244 insertions(+), 245 deletions(-) create mode 100644 src/PolarSSL++/CryptoKey.cpp create mode 100644 src/PolarSSL++/CryptoKey.h delete mode 100644 src/PolarSSL++/PublicKey.cpp delete mode 100644 src/PolarSSL++/PublicKey.h diff --git a/src/HTTPServer/HTTPServer.cpp b/src/HTTPServer/HTTPServer.cpp index 9e3e0a17b..c45044c66 100644 --- a/src/HTTPServer/HTTPServer.cpp +++ b/src/HTTPServer/HTTPServer.cpp @@ -124,17 +124,17 @@ class cDebugCallbacks : cHTTPServer::cHTTPServer(void) : m_ListenThreadIPv4(*this, cSocket::IPv4, "WebServer IPv4"), m_ListenThreadIPv6(*this, cSocket::IPv6, "WebServer IPv6"), - m_Callbacks(NULL), - m_Cert(new cX509Cert), - m_CertPrivKey(new cPublicKey) + m_Callbacks(NULL) { AString CertFile = cFile::ReadWholeFile("webadmin/httpscert.crt"); AString KeyFile = cFile::ReadWholeFile("webadmin/httpskey.pem"); if (!CertFile.empty() && !KeyFile.empty()) { + m_Cert.reset(new cX509Cert); int res = m_Cert->Parse(CertFile.data(), CertFile.size()); if (res == 0) { + m_CertPrivKey.reset(new cCryptoKey); int res2 = m_CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), ""); if (res2 != 0) { diff --git a/src/HTTPServer/HTTPServer.h b/src/HTTPServer/HTTPServer.h index eb91dd5a3..522b7da62 100644 --- a/src/HTTPServer/HTTPServer.h +++ b/src/HTTPServer/HTTPServer.h @@ -13,7 +13,7 @@ #include "../OSSupport/SocketThreads.h" #include "inifile/iniFile.h" #include "PolarSSL++/RsaPrivateKey.h" -#include "PolarSSL++/PublicKey.h" +#include "PolarSSL++/CryptoKey.h" #include "PolarSSL++/X509Cert.h" @@ -85,8 +85,8 @@ protected: /** The server certificate to use for the SSL connections */ cX509CertPtr m_Cert; - /** The private key for m_Cert. Despite the class name, this is the PRIVATE key. */ - cPublicKeyPtr m_CertPrivKey; + /** The private key for m_Cert. */ + cCryptoKeyPtr m_CertPrivKey; // cListenThread::cCallback overrides: diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp index b6b222b47..d237089d9 100644 --- a/src/HTTPServer/SslHTTPConnection.cpp +++ b/src/HTTPServer/SslHTTPConnection.cpp @@ -11,7 +11,7 @@ -cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cPublicKeyPtr & a_PrivateKey) : +cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cCryptoKeyPtr & a_PrivateKey) : super(a_HTTPServer), m_Ssl(64000), m_Cert(a_Cert), diff --git a/src/HTTPServer/SslHTTPConnection.h b/src/HTTPServer/SslHTTPConnection.h index 653acbfce..c2c1585cd 100644 --- a/src/HTTPServer/SslHTTPConnection.h +++ b/src/HTTPServer/SslHTTPConnection.h @@ -22,9 +22,9 @@ class cSslHTTPConnection : typedef cHTTPConnection super; public: - /** Creates a new connection on the specified server; sends the specified cert as the server certificate, - uses the private key for decryption. a_Private key is, despite the class name, a PRIVATE key for the cert. */ - cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cPublicKeyPtr & a_PrivateKey); + /** Creates a new connection on the specified server. + Sends the specified cert as the server certificate, uses the private key for decryption. */ + cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cCryptoKeyPtr & a_PrivateKey); protected: cBufferedSslContext m_Ssl; @@ -33,7 +33,7 @@ protected: cX509CertPtr m_Cert; /** The private key used for the certificate */ - cPublicKeyPtr m_PrivateKey; + cCryptoKeyPtr m_PrivateKey; // cHTTPConnection overrides: virtual bool DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client diff --git a/src/PolarSSL++/CryptoKey.cpp b/src/PolarSSL++/CryptoKey.cpp new file mode 100644 index 000000000..0763c387b --- /dev/null +++ b/src/PolarSSL++/CryptoKey.cpp @@ -0,0 +1,149 @@ + +// CryptoKey.cpp + +// Implements the cCryptoKey class representing a RSA public key in PolarSSL + +#include "Globals.h" +#include "CryptoKey.h" + + + + + +cCryptoKey::cCryptoKey(void) +{ + pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_pubkey", 10); +} + + + + + +cCryptoKey::cCryptoKey(const AString & a_PublicKeyData) +{ + pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_pubkey", 10); + int res = ParsePublic(a_PublicKeyData.data(), a_PublicKeyData.size()); + if (res != 0) + { + LOGWARNING("Failed to parse public key: -0x%x", res); + ASSERT(!"Cannot parse PubKey"); + return; + } +} + + + + + +cCryptoKey::cCryptoKey(const AString & a_PrivateKeyData, const AString & a_Password) +{ + pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_privkey", 11); + int res = ParsePrivate(a_PrivateKeyData.data(), a_PrivateKeyData.size(), a_Password); + if (res != 0) + { + LOGWARNING("Failed to parse private key: -0x%x", res); + ASSERT(!"Cannot parse PubKey"); + return; + } +} + + + + + +cCryptoKey::~cCryptoKey() +{ + pk_free(&m_Pk); +} + + + + + +int cCryptoKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) +{ + ASSERT(IsValid()); + + size_t DecryptedLen = a_DecryptedMaxLength; + int res = pk_decrypt(&m_Pk, + a_EncryptedData, a_EncryptedLength, + a_DecryptedData, &DecryptedLen, a_DecryptedMaxLength, + ctr_drbg_random, m_CtrDrbg.GetInternal() + ); + if (res != 0) + { + return res; + } + return (int)DecryptedLen; +} + + + + + +int cCryptoKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength) +{ + ASSERT(IsValid()); + + size_t EncryptedLength = a_EncryptedMaxLength; + int res = pk_encrypt(&m_Pk, + a_PlainData, a_PlainLength, a_EncryptedData, &EncryptedLength, a_EncryptedMaxLength, + ctr_drbg_random, m_CtrDrbg.GetInternal() + ); + if (res != 0) + { + return res; + } + return (int)EncryptedLength; +} + + + + + + +int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes) +{ + ASSERT(!IsValid()); // Cannot parse a second key + + return pk_parse_public_key(&m_Pk, (const unsigned char *)a_Data, a_NumBytes); +} + + + + + + +int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password) +{ + ASSERT(!IsValid()); // Cannot parse a second key + + if (a_Password.empty()) + { + return pk_parse_key(&m_Pk, (const unsigned char *)a_Data, a_NumBytes, NULL, 0); + } + else + { + return pk_parse_key( + &m_Pk, + (const unsigned char *)a_Data, a_NumBytes, + (const unsigned char *)a_Password.c_str(), a_Password.size() + ); + } +} + + + + + +bool cCryptoKey::IsValid(void) const +{ + return (pk_get_type(&m_Pk) != POLARSSL_PK_NONE); +} + + + + diff --git a/src/PolarSSL++/CryptoKey.h b/src/PolarSSL++/CryptoKey.h new file mode 100644 index 000000000..9c298e501 --- /dev/null +++ b/src/PolarSSL++/CryptoKey.h @@ -0,0 +1,76 @@ + +// CryptoKey.h + +// Declares the cCryptoKey class representing a RSA public key in PolarSSL + + + + + +#pragma once + +#include "CtrDrbgContext.h" +#include "polarssl/pk.h" + + + + + +class cCryptoKey +{ + friend class cSslContext; + +public: + /** Constructs an empty key instance. Before use, it needs to be filled by ParsePublic() or ParsePrivate() */ + cCryptoKey(void); + + /** Constructs the public key out of the DER- or PEM-encoded pubkey data */ + cCryptoKey(const AString & a_PublicKeyData); + + /** Constructs the private key out of the DER- or PEM-encoded privkey data, with the specified password. + If a_Password is empty, no password is assumed. */ + cCryptoKey(const AString & a_PrivateKeyData, const AString & a_Password); + + ~cCryptoKey(); + + /** Decrypts the data using the stored public key + Both a_EncryptedData and a_DecryptedData must be at least bytes large. + Returns the number of bytes decrypted, or negative number for error. */ + int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength); + + /** Encrypts the data using the stored public key + Both a_EncryptedData and a_DecryptedData must be at least bytes large. + Returns the number of bytes decrypted, or negative number for error. */ + int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength); + + /** Parses the specified data into a public key representation. + The key can be DER- or PEM-encoded. + Returns 0 on success, PolarSSL error code on failure. */ + int ParsePublic(const void * a_Data, size_t a_NumBytes); + + /** Parses the specified data into a private key representation. + If a_Password is empty, no password is assumed. + The key can be DER- or PEM-encoded. + Returns 0 on success, PolarSSL error code on failure. */ + int ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password); + + /** Returns true if the contained key is valid. */ + bool IsValid(void) const; + +protected: + /** The PolarSSL representation of the key data */ + pk_context m_Pk; + + /** The random generator used in encryption and decryption */ + cCtrDrbgContext m_CtrDrbg; + + + /** Returns the internal context ptr. Only use in PolarSSL API calls. */ + pk_context * GetInternal(void) { return &m_Pk; } +} ; + +typedef SharedPtr cCryptoKeyPtr; + + + + diff --git a/src/PolarSSL++/CtrDrbgContext.h b/src/PolarSSL++/CtrDrbgContext.h index 65e9a2374..230db8753 100644 --- a/src/PolarSSL++/CtrDrbgContext.h +++ b/src/PolarSSL++/CtrDrbgContext.h @@ -26,7 +26,7 @@ class cCtrDrbgContext { friend class cSslContext; friend class cRsaPrivateKey; - friend class cPublicKey; + friend class cCryptoKey; public: /** Constructs the context with a new entropy context. */ diff --git a/src/PolarSSL++/PublicKey.cpp b/src/PolarSSL++/PublicKey.cpp deleted file mode 100644 index dae026082..000000000 --- a/src/PolarSSL++/PublicKey.cpp +++ /dev/null @@ -1,149 +0,0 @@ - -// PublicKey.cpp - -// Implements the cPublicKey class representing a RSA public key in PolarSSL - -#include "Globals.h" -#include "PublicKey.h" - - - - - -cPublicKey::cPublicKey(void) -{ - pk_init(&m_Pk); - m_CtrDrbg.Initialize("rsa_pubkey", 10); -} - - - - - -cPublicKey::cPublicKey(const AString & a_PublicKeyData) -{ - pk_init(&m_Pk); - m_CtrDrbg.Initialize("rsa_pubkey", 10); - int res = ParsePublic(a_PublicKeyData.data(), a_PublicKeyData.size()); - if (res != 0) - { - LOGWARNING("Failed to parse public key: -0x%x", res); - ASSERT(!"Cannot parse PubKey"); - return; - } -} - - - - - -cPublicKey::cPublicKey(const AString & a_PrivateKeyData, const AString & a_Password) -{ - pk_init(&m_Pk); - m_CtrDrbg.Initialize("rsa_privkey", 11); - int res = ParsePrivate(a_PrivateKeyData.data(), a_PrivateKeyData.size(), a_Password); - if (res != 0) - { - LOGWARNING("Failed to parse private key: -0x%x", res); - ASSERT(!"Cannot parse PubKey"); - return; - } -} - - - - - -cPublicKey::~cPublicKey() -{ - pk_free(&m_Pk); -} - - - - - -int cPublicKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) -{ - ASSERT(IsValid()); - - size_t DecryptedLen = a_DecryptedMaxLength; - int res = pk_decrypt(&m_Pk, - a_EncryptedData, a_EncryptedLength, - a_DecryptedData, &DecryptedLen, a_DecryptedMaxLength, - ctr_drbg_random, m_CtrDrbg.GetInternal() - ); - if (res != 0) - { - return res; - } - return (int)DecryptedLen; -} - - - - - -int cPublicKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength) -{ - ASSERT(IsValid()); - - size_t EncryptedLength = a_EncryptedMaxLength; - int res = pk_encrypt(&m_Pk, - a_PlainData, a_PlainLength, a_EncryptedData, &EncryptedLength, a_EncryptedMaxLength, - ctr_drbg_random, m_CtrDrbg.GetInternal() - ); - if (res != 0) - { - return res; - } - return (int)EncryptedLength; -} - - - - - - -int cPublicKey::ParsePublic(const void * a_Data, size_t a_NumBytes) -{ - ASSERT(!IsValid()); // Cannot parse a second key - - return pk_parse_public_key(&m_Pk, (const unsigned char *)a_Data, a_NumBytes); -} - - - - - - -int cPublicKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password) -{ - ASSERT(!IsValid()); // Cannot parse a second key - - if (a_Password.empty()) - { - return pk_parse_key(&m_Pk, (const unsigned char *)a_Data, a_NumBytes, NULL, 0); - } - else - { - return pk_parse_key( - &m_Pk, - (const unsigned char *)a_Data, a_NumBytes, - (const unsigned char *)a_Password.c_str(), a_Password.size() - ); - } -} - - - - - -bool cPublicKey::IsValid(void) const -{ - return (pk_get_type(&m_Pk) != POLARSSL_PK_NONE); -} - - - - diff --git a/src/PolarSSL++/PublicKey.h b/src/PolarSSL++/PublicKey.h deleted file mode 100644 index df52a4143..000000000 --- a/src/PolarSSL++/PublicKey.h +++ /dev/null @@ -1,76 +0,0 @@ - -// PublicKey.h - -// Declares the cPublicKey class representing a RSA public key in PolarSSL - - - - - -#pragma once - -#include "CtrDrbgContext.h" -#include "polarssl/pk.h" - - - - - -class cPublicKey -{ - friend class cSslContext; - -public: - /** Constructs an empty key instance. Before use, it needs to be filled by ParsePublic() or ParsePrivate() */ - cPublicKey(void); - - /** Constructs the public key out of the DER- or PEM-encoded pubkey data */ - cPublicKey(const AString & a_PublicKeyData); - - /** Constructs the private key out of the DER- or PEM-encoded privkey data, with the specified password. - If a_Password is empty, no password is assumed. */ - cPublicKey(const AString & a_PrivateKeyData, const AString & a_Password); - - ~cPublicKey(); - - /** Decrypts the data using the stored public key - Both a_EncryptedData and a_DecryptedData must be at least bytes large. - Returns the number of bytes decrypted, or negative number for error. */ - int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength); - - /** Encrypts the data using the stored public key - Both a_EncryptedData and a_DecryptedData must be at least bytes large. - Returns the number of bytes decrypted, or negative number for error. */ - int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength); - - /** Parses the specified data into a public key representation. - The key can be DER- or PEM-encoded. - Returns 0 on success, PolarSSL error code on failure. */ - int ParsePublic(const void * a_Data, size_t a_NumBytes); - - /** Parses the specified data into a private key representation. - If a_Password is empty, no password is assumed. - The key can be DER- or PEM-encoded. - Returns 0 on success, PolarSSL error code on failure. */ - int ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password); - - /** Returns true if the contained key is valid. */ - bool IsValid(void) const; - -protected: - /** The public key PolarSSL representation */ - pk_context m_Pk; - - /** The random generator used in encryption and decryption */ - cCtrDrbgContext m_CtrDrbg; - - - /** Returns the internal context ptr. Only use in PolarSSL API calls. */ - pk_context * GetInternal(void) { return &m_Pk; } -} ; - -typedef SharedPtr cPublicKeyPtr; - - - - diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp index df0219610..bc397b655 100644 --- a/src/PolarSSL++/SslContext.cpp +++ b/src/PolarSSL++/SslContext.cpp @@ -115,7 +115,7 @@ void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKe -void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cPublicKeyPtr & a_OwnCertPrivKey) +void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey) { ASSERT(m_IsValid); // Call Initialize() first diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h index 273939b9f..a4ad1a345 100644 --- a/src/PolarSSL++/SslContext.h +++ b/src/PolarSSL++/SslContext.h @@ -11,7 +11,7 @@ #include "polarssl/ssl.h" #include "../ByteBuffer.h" -#include "PublicKey.h" +#include "CryptoKey.h" #include "RsaPrivateKey.h" #include "X509Cert.h" @@ -54,9 +54,8 @@ public: void SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey); /** Sets the certificate to use as our own. Must be used when representing a server, optional when client. - Must be called after Initialize(). - Despite the class name, a_OwnCertPrivKey is a PRIVATE key. */ - void SetOwnCert(const cX509CertPtr & a_OwnCert, const cPublicKeyPtr & a_OwnCertPrivKey); + Must be called after Initialize(). */ + void SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey); /** Sets a cert chain as the trusted cert store for this context. Must be called after Initialize(). Calling this will switch the context into strict cert verification mode. @@ -107,11 +106,11 @@ protected: /** The certificate that we present to the peer. */ cX509CertPtr m_OwnCert; - /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey */ + /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey. */ cRsaPrivateKeyPtr m_OwnCertPrivKey; - /** Private key for m_OwnCert, if initialized from a cPublicKey. Despite the class name, this is a PRIVATE key. */ - cPublicKeyPtr m_OwnCertPrivKey2; + /** Private key for m_OwnCert, if initialized from a cCryptoKey. */ + cCryptoKeyPtr m_OwnCertPrivKey2; /** True if the SSL handshake has been completed. */ bool m_HasHandshaken; -- cgit v1.2.3