api/privatekey_8c_source.html

#include <freerdp/config.h>


#include <errno.h>

#include <stdio.h>

#include <string.h>


#include <winpr/assert.h>

#include <winpr/wtypes.h>

#include <winpr/crt.h>

#include <winpr/file.h>

#include <winpr/crypto.h>


#include <openssl/pem.h>

#include <openssl/rsa.h>

#include <openssl/bn.h>

#include <openssl/err.h>


#include "privatekey.h"

#include "cert_common.h"


#include <freerdp/crypto/privatekey.h>


#include <openssl/evp.h>


#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)

#include <openssl/core_names.h>

#endif


#include "x509_utils.h"

#include "crypto.h"

#include "opensslcompat.h"


#define TAG FREERDP_TAG("crypto")


struct rdp_private_key

{

  EVP_PKEY* evp;


  rdpCertInfo cert;

  BYTE* PrivateExponent;

  DWORD PrivateExponentLength;

};


/*

 * Terminal Services Signing Keys.

 * Yes, Terminal Services Private Key is publicly available.

 */


static BYTE tssk_modulus[] = { 0x3d, 0x3a, 0x5e, 0xbd, 0x72, 0x43, 0x3e, 0xc9, 0x4d, 0xbb, 0xc1,

                             0x1e, 0x4a, 0xba, 0x5f, 0xcb, 0x3e, 0x88, 0x20, 0x87, 0xef, 0xf5,

                             0xc1, 0xe2, 0xd7, 0xb7, 0x6b, 0x9a, 0xf2, 0x52, 0x45, 0x95, 0xce,

                             0x63, 0x65, 0x6b, 0x58, 0x3a, 0xfe, 0xef, 0x7c, 0xe7, 0xbf, 0xfe,

                             0x3d, 0xf6, 0x5c, 0x7d, 0x6c, 0x5e, 0x06, 0x09, 0x1a, 0xf5, 0x61,

                             0xbb, 0x20, 0x93, 0x09, 0x5f, 0x05, 0x6d, 0xea, 0x87 };


static BYTE tssk_privateExponent[] = {

  0x87, 0xa7, 0x19, 0x32, 0xda, 0x11, 0x87, 0x55, 0x58, 0x00, 0x16, 0x16, 0x25, 0x65, 0x68, 0xf8,

  0x24, 0x3e, 0xe6, 0xfa, 0xe9, 0x67, 0x49, 0x94, 0xcf, 0x92, 0xcc, 0x33, 0x99, 0xe8, 0x08, 0x60,

  0x17, 0x9a, 0x12, 0x9f, 0x24, 0xdd, 0xb1, 0x24, 0x99, 0xc7, 0x3a, 0xb8, 0x0a, 0x7b, 0x0d, 0xdd,

  0x35, 0x07, 0x79, 0x17, 0x0b, 0x51, 0x9b, 0xb3, 0xc7, 0x10, 0x01, 0x13, 0xe7, 0x3f, 0xf3, 0x5f

};


static const rdpPrivateKey tssk = { .PrivateExponent = tssk_privateExponent,

                                  .PrivateExponentLength = sizeof(tssk_privateExponent),

                                  .cert = { .Modulus = tssk_modulus,

                                            .ModulusLength = sizeof(tssk_modulus) } };

const rdpPrivateKey* priv_key_tssk = &tssk;


#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)

static RSA* evp_pkey_to_rsa(const rdpPrivateKey* key)

{

  if (!freerdp_key_is_rsa(key))

  {

    WLog_WARN(TAG, "Key is no RSA key");

    return nullptr;

  }


  RSA* rsa = nullptr;

  BIO* bio = BIO_new(

#if defined(LIBRESSL_VERSION_NUMBER)

      BIO_s_mem()

#else

      BIO_s_secmem()

#endif

  );

  if (!bio)

    return nullptr;

  const int rc = PEM_write_bio_PrivateKey(bio, key->evp, nullptr, nullptr, 0, nullptr, nullptr);

  if (rc != 1)

    goto fail;

  rsa = PEM_read_bio_RSAPrivateKey(bio, nullptr, nullptr, nullptr);

fail:

  BIO_free_all(bio);

  return rsa;

}

#endif


static int pem_pwd_cb(char* buf, int size, WINPR_ATTR_UNUSED int rwflag, void* userdata)

{

  const char* pwd = userdata;

  if (!pwd || (size < 0))

    return -1;

  if (size == 0)

    return 0;


  size_t len = strlen(pwd);

  if (len >= WINPR_ASSERTING_INT_CAST(size_t, size))

    len = WINPR_ASSERTING_INT_CAST(size_t, size) - 1;

  memcpy(buf, pwd, len);

  buf[len] = '\0';

  return WINPR_ASSERTING_INT_CAST(int, len);

}


static EVP_PKEY* evp_pkey_utils_from_pem(const char* data, size_t len, BOOL fromFile,

                                         const char* password)

{

  EVP_PKEY* evp = nullptr;

  BIO* bio = nullptr;

  if (fromFile)

    bio = BIO_new_file(data, "rb");

  else

  {

    if (len > INT_MAX)

      return nullptr;

    bio = BIO_new_mem_buf(data, (int)len);

  }


  if (!bio)

  {

    WLog_ERR(TAG, "BIO_new failed for private key");

    return nullptr;

  }


  evp = PEM_read_bio_PrivateKey(bio, nullptr, pem_pwd_cb,

                                WINPR_CAST_CONST_PTR_AWAY(password, void*));

  BIO_free_all(bio);

  if (!evp)

    WLog_ERR(TAG, "PEM_read_bio_PrivateKey returned nullptr [input length %" PRIuz "]", len);


  return evp;

}


static BOOL key_read_private(rdpPrivateKey* key)

{

  BOOL rc = FALSE;


  WINPR_ASSERT(key);

  WINPR_ASSERT(key->evp);


  /* The key is not an RSA key, that means we just return success. */

  if (!freerdp_key_is_rsa(key))

    return TRUE;


#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)

  RSA* rsa = evp_pkey_to_rsa(key);

  if (!rsa)

  {

    char ebuffer[256] = WINPR_C_ARRAY_INIT;

    WLog_ERR(TAG, "unable to load RSA key: %s.",

             winpr_strerror(errno, ebuffer, sizeof(ebuffer)));

    goto fail;

  }


  switch (RSA_check_key(rsa))

  {

    case 0:

      WLog_ERR(TAG, "invalid RSA key");

      goto fail;


    case 1:

      /* Valid key. */

      break;


    default:

    {

      char ebuffer[256] = WINPR_C_ARRAY_INIT;

      WLog_ERR(TAG, "unexpected error when checking RSA key: %s.",

               winpr_strerror(errno, ebuffer, sizeof(ebuffer)));

      goto fail;

    }

  }


  const BIGNUM* rsa_e = nullptr;

  const BIGNUM* rsa_n = nullptr;

  const BIGNUM* rsa_d = nullptr;


  RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);

#else

  BIGNUM* rsa_e = nullptr;

  BIGNUM* rsa_n = nullptr;

  BIGNUM* rsa_d = nullptr;


  if (!EVP_PKEY_get_bn_param(key->evp, OSSL_PKEY_PARAM_RSA_N, &rsa_n))

    goto fail;

  if (!EVP_PKEY_get_bn_param(key->evp, OSSL_PKEY_PARAM_RSA_E, &rsa_e))

    goto fail;

  if (!EVP_PKEY_get_bn_param(key->evp, OSSL_PKEY_PARAM_RSA_D, &rsa_d))

    goto fail;

#endif

  if (BN_num_bytes(rsa_e) > 4)

  {

    WLog_ERR(TAG, "RSA public exponent too large");

    goto fail;

  }


  if (!read_bignum(&key->PrivateExponent, &key->PrivateExponentLength, rsa_d, TRUE))

    goto fail;


  if (!cert_info_create(&key->cert, rsa_n, rsa_e))

    goto fail;

  rc = TRUE;

fail:

#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)

  RSA_free(rsa);

#else

  BN_free(rsa_d);

  BN_free(rsa_e);

  BN_free(rsa_n);

#endif

  return rc;

}


rdpPrivateKey* freerdp_key_new_from_pem(const char* pem)

{

  return freerdp_key_new_from_pem_enc(pem, nullptr);

}


rdpPrivateKey* freerdp_key_new_from_pem_enc(const char* pem, const char* password)

{

  rdpPrivateKey* key = freerdp_key_new();

  if (!key || !pem)

    goto fail;


  key->evp = evp_pkey_utils_from_pem(pem, strlen(pem), FALSE, password);

  if (!key->evp)

    goto fail;

  if (!key_read_private(key))

    goto fail;

  return key;

fail:

  freerdp_key_free(key);

  return nullptr;

}


rdpPrivateKey* freerdp_key_new_from_file(const char* keyfile)

{

  return freerdp_key_new_from_file_enc(keyfile, nullptr);

}


rdpPrivateKey* freerdp_key_new_from_file_enc(const char* keyfile, const char* password)

{

  rdpPrivateKey* key = freerdp_key_new();

  if (!key || !keyfile)

    goto fail;


  key->evp = evp_pkey_utils_from_pem(keyfile, strlen(keyfile), TRUE, password);

  if (!key->evp)

    goto fail;

  if (!key_read_private(key))

    goto fail;

  return key;

fail:

  freerdp_key_free(key);

  return nullptr;

}


rdpPrivateKey* freerdp_key_new(void)

{

  return calloc(1, sizeof(rdpPrivateKey));

}


rdpPrivateKey* freerdp_key_clone(const rdpPrivateKey* key)

{

  if (!key)

    return nullptr;


  rdpPrivateKey* _key = (rdpPrivateKey*)calloc(1, sizeof(rdpPrivateKey));


  if (!_key)

    return nullptr;


  if (key->evp)

  {

    _key->evp = key->evp;

    if (!_key->evp)

      goto out_fail;

    EVP_PKEY_up_ref(_key->evp);

  }


  if (key->PrivateExponent)

  {

    _key->PrivateExponent = (BYTE*)malloc(key->PrivateExponentLength);


    if (!_key->PrivateExponent)

      goto out_fail;


    CopyMemory(_key->PrivateExponent, key->PrivateExponent, key->PrivateExponentLength);

    _key->PrivateExponentLength = key->PrivateExponentLength;

  }


  if (!cert_info_clone(&_key->cert, &key->cert))

    goto out_fail;


  return _key;

out_fail:

  WINPR_PRAGMA_DIAG_PUSH

  WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC

  freerdp_key_free(_key);

  WINPR_PRAGMA_DIAG_POP

  return nullptr;

}


void freerdp_key_free(rdpPrivateKey* key)

{

  if (!key)

    return;


  EVP_PKEY_free(key->evp);

  if (key->PrivateExponent)

    memset(key->PrivateExponent, 0, key->PrivateExponentLength);

  free(key->PrivateExponent);

  cert_info_free(&key->cert);

  free(key);

}


const rdpCertInfo* freerdp_key_get_info(const rdpPrivateKey* key)

{

  WINPR_ASSERT(key);

  if (!freerdp_key_is_rsa(key))

    return nullptr;

  return &key->cert;

}


const BYTE* freerdp_key_get_exponent(const rdpPrivateKey* key, size_t* plength)

{

  WINPR_ASSERT(key);

  if (!freerdp_key_is_rsa(key))

  {

    if (plength)

      *plength = 0;

    return nullptr;

  }


  if (plength)

    *plength = key->PrivateExponentLength;

  return key->PrivateExponent;

}


EVP_PKEY* freerdp_key_get_evp_pkey(const rdpPrivateKey* key)

{

  WINPR_ASSERT(key);


  EVP_PKEY* evp = key->evp;

  WINPR_ASSERT(evp);

  EVP_PKEY_up_ref(evp);

  return evp;

}


BOOL freerdp_key_is_rsa(const rdpPrivateKey* key)

{

  WINPR_ASSERT(key);

  if (key == priv_key_tssk)

    return TRUE;


  WINPR_ASSERT(key->evp);

  return (EVP_PKEY_id(key->evp) == EVP_PKEY_RSA);

}


size_t freerdp_key_get_bits(const rdpPrivateKey* key)

{

  int rc = -1;

#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)

  RSA* rsa = evp_pkey_to_rsa(key);

  if (rsa)

  {

    rc = RSA_bits(rsa);

    RSA_free(rsa);

  }

#else

  rc = EVP_PKEY_get_bits(key->evp);

#endif


  return WINPR_ASSERTING_INT_CAST(size_t, rc);

}


BOOL freerdp_key_generate(rdpPrivateKey* key, const char* type, size_t count, ...)

{

  BOOL rc = FALSE;


  if (!type)

  {

    WLog_ERR(TAG, "Invalid argument type=%s", type);

    return FALSE;

  }

  if (strncmp("RSA", type, 4) != 0)

  {

    WLog_ERR(TAG, "Argument type=%s is currently not supported, aborting", type);

    return FALSE;

  }

  if (count != 1)

  {

    WLog_ERR(TAG, "Argument type=%s requires count=1, got %" PRIuz ", aborting", type, count);

    return FALSE;

  }

  va_list ap = WINPR_C_ARRAY_INIT;

  va_start(ap, count);

  const int key_length = va_arg(ap, int);

  va_end(ap);


#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)

  RSA* rsa = nullptr;

#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)

  rsa = RSA_generate_key(key_length, RSA_F4, nullptr, nullptr);

#else

  {

    BIGNUM* bn = BN_secure_new();


    if (!bn)

      return FALSE;


    rsa = RSA_new();


    if (!rsa)

    {

      BN_clear_free(bn);

      return FALSE;

    }


    BN_set_word(bn, RSA_F4);

    const int res = RSA_generate_key_ex(rsa, key_length, bn, nullptr);

    BN_clear_free(bn);


    if (res != 1)

      return FALSE;

  }

#endif


  EVP_PKEY_free(key->evp);

  key->evp = EVP_PKEY_new();


  if (!EVP_PKEY_assign_RSA(key->evp, rsa))

  {

    EVP_PKEY_free(key->evp);

    key->evp = nullptr;

    RSA_free(rsa);

    return FALSE;

  }


  rc = TRUE;

#else

  EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(nullptr, type, nullptr);

  if (!pctx)

    return FALSE;


  if (EVP_PKEY_keygen_init(pctx) != 1)

    goto fail;


  if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, key_length) != 1)

    goto fail;


  EVP_PKEY_free(key->evp);

  key->evp = nullptr;


  if (EVP_PKEY_generate(pctx, &key->evp) != 1)

    goto fail;


  rc = TRUE;

fail:

  EVP_PKEY_CTX_free(pctx);

#endif

  return rc;

}


BYTE* freerdp_key_get_param(const rdpPrivateKey* key, enum FREERDP_KEY_PARAM param, size_t* plength)

{

  BYTE* buf = nullptr;


  WINPR_ASSERT(key);

  WINPR_ASSERT(plength);


  *plength = 0;


  BIGNUM* bn = nullptr;

#if OPENSSL_VERSION_NUMBER >= 0x30000000L


  const char* pk = nullptr;

  switch (param)

  {

    case FREERDP_KEY_PARAM_RSA_D:

      pk = OSSL_PKEY_PARAM_RSA_D;

      break;

    case FREERDP_KEY_PARAM_RSA_E:

      pk = OSSL_PKEY_PARAM_RSA_E;

      break;

    case FREERDP_KEY_PARAM_RSA_N:

      pk = OSSL_PKEY_PARAM_RSA_N;

      break;

    default:

      return nullptr;

  }


  if (!EVP_PKEY_get_bn_param(key->evp, pk, &bn))

    return nullptr;

#else

  {

    const RSA* rsa = EVP_PKEY_get0_RSA(key->evp);

    if (!rsa)

      return nullptr;


    const BIGNUM* cbn = nullptr;

    switch (param)

    {

      case FREERDP_KEY_PARAM_RSA_D:

#if OPENSSL_VERSION_NUMBER >= 0x10101007L

        cbn = RSA_get0_d(rsa);

#endif

        break;

      case FREERDP_KEY_PARAM_RSA_E:

#if OPENSSL_VERSION_NUMBER >= 0x10101007L

        cbn = RSA_get0_e(rsa);

#endif

        break;

      case FREERDP_KEY_PARAM_RSA_N:

#if OPENSSL_VERSION_NUMBER >= 0x10101007L

        cbn = RSA_get0_n(rsa);

#endif

        break;

      default:

        return nullptr;

    }

    if (!cbn)

      return nullptr;

    bn = BN_dup(cbn);

    if (!bn)

      return nullptr;

  }

#endif


  const int length = BN_num_bytes(bn);

  if (length < 0)

    goto fail;


  {

    const size_t alloc_size = (size_t)length + 1ull;

    buf = calloc(alloc_size, sizeof(BYTE));

  }


  if (!buf)

    goto fail;


  {

    const int bnlen = BN_bn2bin(bn, buf);

    if (bnlen != length)

    {

      free(buf);

      buf = nullptr;

    }

    else

      *plength = WINPR_ASSERTING_INT_CAST(size_t, length);

  }


fail:

  BN_free(bn);

  return buf;

}


WINPR_DIGEST_CTX* freerdp_key_digest_sign(rdpPrivateKey* key, WINPR_MD_TYPE digest)

{

  WINPR_DIGEST_CTX* md_ctx = winpr_Digest_New();

  if (!md_ctx)

    return nullptr;


  if (!winpr_DigestSign_Init(md_ctx, digest, key->evp))

  {

    winpr_Digest_Free(md_ctx);

    return nullptr;

  }

  return md_ctx;

}


static BOOL bio_read_pem(BIO* bio, char** ppem, size_t* plength)

{

  BOOL rc = FALSE;


  WINPR_ASSERT(bio);

  WINPR_ASSERT(ppem);


  const size_t blocksize = 2048;

  size_t offset = 0;

  size_t length = blocksize;

  char* pem = nullptr;


  *ppem = nullptr;

  if (plength)

    *plength = 0;


  while (offset < length)

  {

    char* tmp = realloc(pem, length + 1);

    if (!tmp)

      goto fail;

    pem = tmp;


    ERR_clear_error();


    const int status = BIO_read(bio, &pem[offset], (int)(length - offset));

    if (status < 0)

    {

      WLog_ERR(TAG, "failed to read certificate");

      goto fail;

    }


    if (status == 0)

      break;


    offset += (size_t)status;

    if (length - offset > 0)

      break;

    length += blocksize;

  }


  if (pem)

  {

    if (offset >= length)

      goto fail;

    pem[offset] = '\0';

  }

  *ppem = pem;

  if (plength)

    *plength = offset;

  rc = TRUE;

fail:

  if (!rc)

    free(pem);


  return rc;

}


char* freerdp_key_get_pem(const rdpPrivateKey* key, size_t* plen, const char* password)

{

  WINPR_ASSERT(key);


  if (!key->evp)

    return nullptr;


  BIO* bio = BIO_new(BIO_s_mem());


  if (!bio)

  {

    WLog_ERR(TAG, "BIO_new() failure");

    return nullptr;

  }


  char* pem = nullptr;


  const EVP_CIPHER* enc = nullptr;

  if (password)

    enc = EVP_aes_256_xts();


  const int status = PEM_write_bio_PrivateKey(bio, key->evp, enc, nullptr, 0, nullptr,

                                              WINPR_CAST_CONST_PTR_AWAY(password, void*));

  if (status < 0)

  {

    WLog_ERR(TAG, "PEM_write_bio_PrivateKey failure: %d", status);

    goto fail;

  }


  (void)bio_read_pem(bio, &pem, plen);


fail:

  BIO_free_all(bio);

  return pem;

}