
Command-line option -R, for local rsa keys.

Michele Orrù 11 anos atrás
a6180e36f1
3 arquivos alterados com 45 adições e 15 exclusões
  1. 11 5
      src/cmdline.c
  2. 2 2
      src/include/qa/qa.h
  3. 32 8
      src/qa.c

+ 11 - 5
src/cmdline.c

@@ -25,7 +25,7 @@
 void usage(void)
 {
   static const char* help_message = "%s usage: %s"
-    " [-r HOST:port | -f FILE]"
+    " [-r HOST:port | -f X509 | -R RSA]"
     " [-a ATTACK]"
     " \n";
   fprintf(stderr, help_message,
@@ -49,13 +49,14 @@ int main(int argc, char** argv)
     {"help", no_argument, NULL, 'h'},
     {"remote", required_argument, NULL, 'r'},
     {"file", required_argument, NULL, 'f'},
+    {"rsa", required_argument, NULL, 'R'},
     {0, 0, 0, 0}
   };
-  static const char* short_options = "hr:f:a:";
+  static const char* short_options = "hr:f:a:R:";
 
   struct qa_conf conf = {
     .src_type = NONE,
-    .attacks = NULL
+    .attacks = NULL,
   };
 
   while ((opt=getopt_long(argc, argv,
@@ -68,7 +69,7 @@ int main(int argc, char** argv)
       break;
     case 'f':
       if (conf.src_type != NONE) conflicting_args();
-      conf.src_type = LOCAL;
+      conf.src_type = LOCAL_X509;
       conf.src = optarg;
       break;
     case 'r':
@@ -76,6 +77,11 @@ int main(int argc, char** argv)
       conf.src_type = REMOTE;
       conf.src = optarg;
       break;
+    case 'R':
+      if (conf.src_type != NONE) conflicting_args();
+      conf.src_type = LOCAL_RSA;
+      conf.src = optarg;
+      break;
     case 'a':
       conf.attacks = optarg;
       break;
@@ -86,7 +92,7 @@ int main(int argc, char** argv)
     }
 
   if (conf.src_type == NONE)  {
-    conf.src_type = REMOTE;
+    conf.src_type = LOCAL_RSA;
 
     if (optind == argc)
       conf.src = "-";
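Review bot: The fallback at the bottom of this hunk now selects LOCAL_RSA when none of -r/-f/-R was given, so running the tool with no arguments blocks waiting for a PEM RSA public key on stdin where the removed line selected REMOTE; neither the usage string earlier in this file nor a comment at the fallback says so. Add a line to help_message such as `" (default: -R -, an RSA public key on stdin)\n"` or a comment above the fallback, `/* No source flag: treat the positional argument, or stdin, as an RSA public key. */`. The trailing comma added after `.attacks = NULL` is harmless but unrelated to the change. main continues outside the hunk.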

+ 2 - 2
src/include/qa/qa.h

@@ -5,7 +5,7 @@
 
 struct qa_conf {
   enum sources {
-    NONE, LOCAL, REMOTE
+    NONE, LOCAL_X509, LOCAL_RSA, REMOTE
   } src_type;
   char *src;
   char *attacks;
@@ -14,7 +14,7 @@ struct qa_conf {
 
 int qa_init(const struct qa_conf* args);
 
-void qa_dispose(X509 *crt);
+void qa_dispose(X509 *crt, RSA *rsa);
 
 X509* get_local_cert(const char *src);
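Review bot: qa_dispose's new two-pointer signature does not say which argument may be NULL or who frees them; the qa.c side of this commit falls back to the certificate's key only when rsa is NULL, so a Doxygen line here would save the next caller reading qa.c: `/** Run the selected questions against one key source: pass the certificate in crt with rsa NULL, or an RSA public key in rsa with crt NULL; the caller retains ownership of both. */`. get_local_rsa is defined in qa.c without a prototype; either declare it next to get_local_cert, `RSA* get_local_rsa(const char *src);`, or make it static, so the two loaders are treated alike. LOCAL_RSA was inserted before REMOTE, which renumbers that enumerator; harmless as long as no value is persisted or compared numerically elsewhere, which this page cannot show.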
 

+ 32 - 8
src/qa.c

@@ -55,6 +55,25 @@ get_local_cert(const char *src)
   return crt;
 }
 
+/**
+ * \brief Loads a valid rsa public key from file.
+ *
+ * /return NULL in case of error, a X509* structure otherwise.
+ */
+RSA*
+get_local_rsa(const char *src)
+{
+  RSA *rsa = NULL;
+  FILE *fp;
+
+  if (!strcmp(src, "-")) fp = stdin;
+  else if (!(fp = fopen(src, "r")))
+    return NULL;
+
+  rsa = PEM_read_RSAPublicKey(fp, &rsa, NULL, NULL);
+  return rsa;
+}
+
 /**
  * \brief Print out a valid RSA Private Key.
  *
@@ -96,6 +115,7 @@ int
 qa_init(const struct qa_conf* conf)
 {
   X509 *crt = NULL;
+  RSA *rsa = NULL;
 
   /* bind stdout/stderr to a BIO shit to be used externally */
   bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -104,16 +124,17 @@ qa_init(const struct qa_conf* conf)
   /* Initialize SSL Library by registering algorithms. */
   SSL_library_init();
 
-
   if (conf->src_type == REMOTE)
     crt = get_remote_cert(conf->src);
-  else if (conf->src_type == LOCAL)
+  else if (conf->src_type == LOCAL_X509)
     crt = get_local_cert(conf->src);
+  else if (conf->src_type == LOCAL_RSA)
+    rsa = get_local_rsa(conf->src);
   else
     error(EXIT_FAILURE, 0, "iternal error: unable to determine source type.");
 
-  if (!crt)
-    error(EXIT_FAILURE, errno, "oops");
+  if (!crt && !rsa)
+    error(EXIT_FAILURE, errno, "Unable to open source.");
 
 
   if (!conf->attacks) select_all_questions();
@@ -121,19 +142,22 @@ qa_init(const struct qa_conf* conf)
 
   if (!questions.lh_first) error(EXIT_FAILURE, 0, "No valid question selected.");
 
-  qa_dispose(crt);
+  qa_dispose(crt, rsa);
 
   X509_free(crt);
   return 0;
 }
 
 void
-qa_dispose(X509 *crt)
+qa_dispose(X509 *crt, RSA *rsa)
 {
-  RSA *pub = X509_get_pubkey(crt)->pkey.rsa;
+  RSA *pub;
   RSA *priv;
   qa_question_t *q;
 
+  if (!rsa && crt)  pub = X509_get_pubkey(crt)->pkey.rsa;
+  else pub = rsa;
+
   printf("[+] Certificate acquired\n");
   LIST_FOREACH(q, &questions, qs) {
     printf( "[-] Running: %s\n", q->pretty_name);
@@ -169,7 +193,7 @@ qa_dispose(X509 *crt)
     /*
      * Attempt to attack the X509 certificate.
      */
-    if (q->ask_crt)  q->ask_crt(crt);
+    if (crt && q->ask_crt)  q->ask_crt(crt);
 
     /*
      * Shut down the given question. If it fails, print an error messae and go
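Review bot: get_local_rsa never closes the file it fopen'd, and PEM_read_RSAPublicKey only accepts the PKCS#1 `-----BEGIN RSA PUBLIC KEY-----` encoding; the SubjectPublicKeyInfo `-----BEGIN PUBLIC KEY-----` form that `openssl rsa -pubout` writes by default comes back NULL and is then reported by qa_init as `Unable to open source.` with whatever errno happens to hold. A fallback to PEM_read_RSA_PUBKEY plus an fclose on the non-stdin path fixes both, though the rewind only works on a seekable file, so stdin keeps the single-format behaviour unless the input is buffered first. The comment above the function should also read `\return NULL in case of error, an RSA* structure otherwise.` rather than X509*, since that is what it returns. Separately, qa_init frees crt at the end but never calls RSA_free(rsa) on the new path, and the X509_get_pubkey result in qa_dispose is neither NULL-checked nor checked to be an RSA key before pkey.rsa is read.
```c
RSA*
get_local_rsa(const char *src)
{
  RSA *rsa = NULL;
  FILE *fp;

  if (!strcmp(src, "-")) fp = stdin;
  else if (!(fp = fopen(src, "r")))
    return NULL;

  /* Try the PKCS#1 "RSA PUBLIC KEY" form first, then the SubjectPublicKeyInfo
   * "PUBLIC KEY" form. rewind() is a no-op on a pipe, so stdin only gets the
   * first attempt — TODO(review): buffer the input if both forms must work there. */
  if (!PEM_read_RSAPublicKey(fp, &rsa, NULL, NULL)) {
    rewind(fp);
    rsa = PEM_read_RSA_PUBKEY(fp, &rsa, NULL, NULL);
  }
  if (fp != stdin) fclose(fp);
  return rsa;
}
```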