#include #include #include "fips.h" #include "../utils.h" #include "../error.h" /* * SSL Format * RSA PUBLIC KEY -> PKCS#1 format * PUBLIC KEY -> PEM Format */ static int DEBUG = 0; int fips(const char *pkey, struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const int type, const int is_pubkey, const int to_stdout){ int res; if(type == TYPE_RSA){ /* If it's a pub key, we are going to analyse it */ if (is_pubkey == 1) res = fips_pubkey_rsa(st_audit_fips, st_keyinfo, pkey, to_stdout); else res = fips_privkey_rsa(st_audit_fips, st_keyinfo, pkey, to_stdout); } else if (type == TYPE_X509){ if (openssl_version() == 1) res = fips_x509_v1(st_audit_fips, st_keyinfo, pkey, to_stdout); else res = fips_x509_v3(st_audit_fips, st_keyinfo, pkey, to_stdout); } return res; } /* * This function load public RSA key and make an audit on it */ static int fips_pubkey_rsa(struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const char *pkey, const int to_stdout) { struct rsa *rsa; size_t keysize; int res; /* * Now, we check if the public certificate is compliant with FIPS * The program check the length of the key, the exponent */ if (openssl_version() == 1) res = loadkeys_rsa_v1(&rsa, pkey, &st_keyinfo->format); else /* OpenSSL version 3 */ res = loadkeys_rsa_v3(&rsa, pkey, &st_keyinfo->format); if (res > 0 || rsa == NULL){ printf("Failed to read the public key\n"); clean_rsa_st(rsa); return res; } audit_rsa_keys(rsa, st_audit_fips, st_keyinfo, pkey); // Clean clean_rsa_st(rsa); return 0; } /* * This function audit RSA private key */ static int fips_privkey_rsa(struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const char *pkey, const int to_stdout) { int res; struct rsa *rsa = NULL; if (openssl_version() == 1) res = load_priv_rsa_keys_v1(&rsa, pkey); else /* OpenSSL version 3 */ res = load_priv_rsa_keys_v3(&rsa, pkey); if (res > 0){ printf("Failed to read the private key\n"); clean_rsa_st(rsa); return res; } audit_rsa_keys(rsa, st_audit_fips, st_keyinfo, pkey); // Clean clean_rsa_st(rsa); return 0; } /* * If OpenSSL v3, we need tu use new OpenSSL functions for reading keys */ static int loadkeys_rsa_v3(struct rsa **rsa, const char *pkey, int *format){ *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (*rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } memset(*rsa, 0, sizeof(struct rsa*)); (*rsa)->bio = BIO_new(BIO_s_file()); if (BIO_read_filename((*rsa)->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } #if OPENSSL_VERSION_NUMBER > 0x03000000f (*rsa)->evp = PEM_read_bio_PUBKEY_ex((*rsa)->bio, NULL, NULL, NULL, NULL, NULL); if ((*rsa)->evp == NULL){ return FIPS_ERR_LOAD_KEY; } //printf("Keysize: %d\n", EVP_PKEY_bits((*rsa)->evp)); (*rsa)->rsa = EVP_PKEY_get1_RSA((*rsa)->evp); if ((*rsa)->rsa == NULL){ return FIPS_ERR_LOAD_RSA_KEY; } #endif // Get the format of the key *format = 0; return 0; } static int loadkeys_rsa_v1(struct rsa **rsa, const char *pkey, int *format){ *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (*rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } memset(*rsa, 0, sizeof(struct rsa*)); (*rsa)->bio = BIO_new(BIO_s_file()); if(BIO_read_filename((*rsa)->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } /* * Works with PEM_read_RSAPublicKey, but when we try to read the file * we cannot. This function "block" the access to the file */ /*rsa->rsa = PEM_read_RSAPublicKey(f, NULL, NULL, NULL); */ // Deprecated in OpenSSL v3 /* * RSAPublicKey read publickey at the PEM format * RSA_PUBKEY read publickey at the PKCS1 format */ (*rsa)->rsa = PEM_read_bio_RSAPublicKey((*rsa)->bio, NULL, NULL, NULL); if ((*rsa)->rsa == NULL){ //print_error(); /* * We need to reset or reseek the BIO, otherwise, we cannot read it * https://docs.openssl.org/3.0/man3/BIO_ctrl/#synopsis */ //BIO_reset((*rsa)->bio); /* Works too */ BIO_seek((*rsa)->bio, 0); (*rsa)->rsa = PEM_read_bio_RSA_PUBKEY((*rsa)->bio, NULL, NULL,NULL); if ((*rsa)->rsa == NULL){ if (DEBUG) printf("Cannot read the SPKI format of the public key\n"); return FIPS_ERR_LOAD_KEY; } *format = RSA_FORMAT_SPKI; } else *format = RSA_FORMAT_PKCS1; return 0; } /* * This function load RSA Private key for OpenSSL v1 */ static int load_priv_rsa_keys_v1(struct rsa **rsa, const char *pkey){ *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (*rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } (*rsa)->bio = BIO_new(BIO_s_file()); if ((*rsa)->bio == NULL){ if (DEBUG) printf("Failed to create new BIO\n"); return FIPS_ERR_NEW_BIO; } if(BIO_read_filename((*rsa)->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } (*rsa)->rsa = PEM_read_bio_RSAPrivateKey((*rsa)->bio, NULL, NULL, NULL); if ((*rsa)->rsa == NULL){ if (DEBUG) printf("Failed to read BIO RSAPrivateKey\n"); return FIPS_ERR_LOAD_RSA_PRIV_KEY; } return 0; } /* * This function load RSA Private key for OpenSSL v3 */ static int load_priv_rsa_keys_v3(struct rsa **rsa, const char *pkey){ *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (*rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } (*rsa)->bio = BIO_new(BIO_s_file()); if ((*rsa)->bio == NULL){ if (DEBUG) printf("Failed to create new BIO\n"); return FIPS_ERR_NEW_BIO; } if(BIO_read_filename((*rsa)->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } #if OPENSSL_VERSION_NUMBER > 0x03000000f (*rsa)->evp = PEM_read_bio_PrivateKey_ex((*rsa)->bio, NULL, NULL, NULL, NULL, NULL); if ((*rsa)->evp == NULL){ if (DEBUG) printf("Failed to read BIO PrivateKey\n"); return FIPS_ERR_READ_BIO; } (*rsa)->rsa = EVP_PKEY_get1_RSA((*rsa)->evp); if ((*rsa)->rsa == NULL) return FIPS_ERR_LOAD_RSA_KEY; #endif return 0; } /* * This function audit the RSA keys, both public and private * For the audit, the function check the exponent (modulus) and the key size */ static void audit_rsa_keys(struct rsa *rsa, struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const char *pkey){ int res; st_keyinfo->keysize = RSA_size(rsa->rsa); st_keyinfo->algo = ALGO_RSA; // The return value is a const, shouldn't be freed const BIGNUM *e = RSA_get0_e(rsa->rsa); char *exponent = BN_bn2dec(e); //free(exponent); OPENSSL_free(exponent); /* Exponent has been set up, we can check it */ res = check_exponent(e, st_audit_fips->audit_exponent.result, &st_keyinfo->exponent); /* * Audit the key size. For a better security, the key size is at least 2048 bits */ if (st_keyinfo->keysize * 8 < 2048){ sprintf(st_audit_fips->audit_keysize.result, "The key size is lower than 2048. The key should be at least 2048 bits."); st_audit_fips->audit_keysize.audit = FALSE; } else{ sprintf(st_audit_fips->audit_keysize.result, "The key size is upper or equal than 2048. The audit is passed with success."); st_audit_fips->audit_keysize.audit = TRUE; } } /* * In this function, we are going to check the exponent * For testing if the exponent is odd or even, we apply a modulo 2 on the exponent * If the result is 1, means the key has a remainder and the key is odd, if the result is 0, the exponent is even. * Regarding to the FIPS 186-5, the exponent must be odd. * The function check also the size of the exponent. * When the key has been generated with OpenSSL, by default the exponent is 65537. * The exponent e size must be 2 ** 16 < e < 2 ** 256 */ static int check_exponent(const BIGNUM *e, char *buf, unsigned long *exponent){ BIGNUM *rem = BN_new(), *a = BN_new(), *m = BN_new(); char nExponent[4]; BN_CTX *ctx; char *r; int error = 0; sprintf(nExponent, "%d", 2); BN_dec2bn(&m, nExponent); //BN_mod(rem, e, m); ctx = BN_CTX_new(); BN_div(NULL, rem, e, m, ctx); //r = malloc(4); r = BN_bn2dec(rem); //printf("%s\n", r); /* * According to the FIPS 186-5, the exponent size must be 2 ** 16 < e < 2 ** 256 * The exponent must be odd too */ char *exp = BN_bn2dec(e); *exponent = (char2dec(exp[0]) * 10000) + (char2dec(exp[1]) * 1000) + (char2dec(exp[2])* 100) + (char2dec(exp[3]) * 10) + (char2dec(exp[4])); // printf("Exp: %lu\n", exp); if (strcmp(r, "0") == 0){ strncpy(buf, "The exponent is even, should be odd", BUF_SIZE_AUDIT); error += 1; } // Check the exponent size double minSize = pow(2, 16); double maxSize = pow(2, 256); if (*exponent < minSize || *exponent > maxSize){ strncpy(buf, "The exponent size is not correct. The minimum size is 2 ** 16 and maximum size 2 ** 256.", BUF_SIZE_AUDIT); error += 1; } // If no error if (error == 0) strncpy(buf, "The exponent is correct, the FIPS compliance is respected.", BUF_SIZE_AUDIT); // Cleaning free(r); BN_free(rem); BN_free(a); BN_free(m); BN_CTX_free(ctx); OPENSSL_free(exp); return 0; } /* * This function load X509 certificate for OpenSSL v1 */ static int fips_x509_v1(struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const char *pkey, const int to_stdout){ struct rsa *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } memset(rsa, 0, sizeof(struct rsa*)); rsa->bio = BIO_new(BIO_s_file()); if (BIO_read_filename(rsa->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } X509 *x = PEM_read_bio_X509(rsa->bio, NULL, 0, NULL); if (x == NULL){ printf("Failed to read the X509 certificate\n"); clean_rsa_st(rsa); return FIPS_ERR_LOAD_X509; } EVP_PKEY *evp = X509_get_pubkey(x); if (evp == NULL){ printf("Failed to get public certificate\n"); X509_free(x); return FIPS_ERR_LOAD_RSA_KEY; } rsa->rsa = EVP_PKEY_get1_RSA(evp); if (rsa->rsa == NULL){ X509_free(x); EVP_PKEY_free(evp); return FIPS_ERR_LOAD_RSA_KEY; } // We have the RSA key, we can audit it audit_rsa_keys(rsa, st_audit_fips, st_keyinfo, pkey); X509_free(x); EVP_PKEY_free(evp); clean_rsa_st(rsa); return 0; } /* * This function load X509 certificate for OpenSSL v3 */ static int fips_x509_v3(struct audit_fips *st_audit_fips, struct keyinfo *st_keyinfo, const char *pkey, const int to_stdout){ struct rsa *rsa = (struct rsa*)malloc(sizeof(struct rsa*)); if (rsa == NULL){ if (DEBUG) printf("Cannot malloc the structure\n"); return COMMON_ERR_MALLOC; } memset(rsa, 0, sizeof(struct rsa*)); rsa->bio = BIO_new(BIO_s_file()); if (BIO_read_filename(rsa->bio, pkey) == 0){ printf("Failed to read BIO\n"); return FIPS_ERR_READ_BIO; } #if OPENSSL_VERSION_NUMBER > 0x03000000f rsa->evp = NULL; // Otherwise, I have a seg fault during clean rsa st X509 *x = PEM_read_bio_X509(rsa->bio, NULL, 0, NULL); if (x == NULL){ printf("Failed to read the X509 certificate\n"); clean_rsa_st(rsa); return FIPS_ERR_LOAD_X509; } rsa->evp = X509_get_pubkey(x); if (rsa->evp == NULL){ printf("Failed to get public certificate\n"); X509_free(x); return FIPS_ERR_LOAD_RSA_KEY; } rsa->rsa = EVP_PKEY_get1_RSA(rsa->evp); if (rsa->rsa == NULL){ X509_free(x); return FIPS_ERR_LOAD_RSA_KEY; } #endif /* * TODO: Need to identify public-key cryptosystem: RSA or EC */ // We have the RSA key, we can audit it audit_rsa_keys(rsa, st_audit_fips, st_keyinfo, pkey); #if OPENSSL_VERSION_NUMBER > 0x03000000f X509_free(x); #endif clean_rsa_st(rsa); return 0; } /* * This function clean the RSA structure */ static void clean_rsa_st(struct rsa *rsa){ if (DEBUG) printf("\nCleaning RSA\n"); if (rsa == NULL) return; if (rsa->bio != NULL) BIO_free(rsa->bio); if (openssl_version() == 3){ #if OPENSSL_VERSION_NUMBER > 0x03000000f if (rsa->evp != NULL) EVP_PKEY_free(rsa->evp); #endif } if (rsa->rsa != NULL) RSA_free(rsa->rsa); free(rsa); rsa = NULL; } /* * Return 1 if the version is upper than 1 and less than 3 * Return 3 for the version v3 */ static int openssl_version(){ unsigned long version = OPENSSL_VERSION_NUMBER; if (DEBUG) printf("OpenSSL Version: %lx\n", version); if (version <= 0x03000000f) return 1; if (version >= 0x03000000f) return 3; } /* * In case we have an error with OpenSSL librairy, we can print the error message */ static void print_error(){ unsigned long err = ERR_get_error(); char b[256]; ERR_error_string(err, b); printf("%s\n", b); }