diff options
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | src/tests/crypto-tests.c | 46 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_base64.c | 103 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_hmac_sha1.c | 60 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_obfuscate.c | 285 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_sha512crypt.c | 3 |
6 files changed, 489 insertions, 17 deletions
diff --git a/configure.ac b/configure.ac index 0f5391bd..5bb82a77 100644 --- a/configure.ac +++ b/configure.ac @@ -102,6 +102,7 @@ WITH_SUDO WITH_SUDO_LIB_PATH WITH_AUTOFS WITH_SSH +WITH_CRYPTO m4_include([src/external/pkg.m4]) m4_include([src/external/libpopt.m4]) @@ -214,8 +215,12 @@ if test x$HAVE_SYSTEMD_UNIT != x; then AM_CHECK_SYSTEMD fi -AM_CHECK_NSS -AM_CONDITIONAL([HAVE_NSS], [test x"$NSS_CFLAGS" != x]) +if test x$cryptolib = xnss; then + AM_CHECK_NSS +fi +if test x$cryptolib = xlibcrypto; then + AM_CHECK_LIBCRYPTO +fi AC_CHECK_HEADERS([sys/inotify.h]) diff --git a/src/tests/crypto-tests.c b/src/tests/crypto-tests.c index 045f4262..0492a384 100644 --- a/src/tests/crypto-tests.c +++ b/src/tests/crypto-tests.c @@ -60,10 +60,8 @@ START_TEST(test_encrypt_decrypt) int ret; int expected; -#ifdef HAVE_NSS +#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO) expected = EOK; -#elif HAVE_LIBCRYPTO - expected = ENOSYS; #else #error Unknown crypto back end #endif @@ -108,10 +106,8 @@ START_TEST(test_hmac_sha1) int ret, expected; int i; -#ifdef HAVE_NSS +#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO) expected = EOK; -#elif HAVE_LIBCRYPTO - expected = ENOSYS; #else #error Unknown crypto back end #endif @@ -126,6 +122,42 @@ START_TEST(test_hmac_sha1) } END_TEST +START_TEST(test_base64_encode) +{ + const unsigned char obfbuf[] = "test"; + const char expected[] = "dGVzdA=="; + char *obfpwd = NULL; + + test_ctx = talloc_new(NULL); + fail_if(test_ctx == NULL); + /* Base64 encode the buffer */ + obfpwd = sss_base64_encode(test_ctx, obfbuf, strlen((const char*)obfbuf)); + fail_if(obfpwd == NULL); + fail_if(strcmp(obfpwd,expected) != 0); + + talloc_free(test_ctx); +} +END_TEST + +START_TEST(test_base64_decode) +{ + unsigned char *obfbuf = NULL; + size_t obflen; + const char b64encoded[] = "dGVzdA=="; + const unsigned char expected[] = "test"; + + test_ctx = talloc_new(NULL); + fail_if(test_ctx == NULL); + /* Base64 decode the buffer */ + obfbuf = sss_base64_decode(test_ctx, b64encoded, &obflen); + fail_if(!obfbuf); + fail_if(obflen != strlen((const char*)expected)); + fail_if(memcmp(obfbuf, expected, obflen) != 0); + + talloc_free(test_ctx); +} +END_TEST + Suite *crypto_suite(void) { Suite *s = suite_create("sss_crypto"); @@ -138,6 +170,8 @@ Suite *crypto_suite(void) #endif tcase_add_test(tc, test_encrypt_decrypt); tcase_add_test(tc, test_hmac_sha1); + tcase_add_test(tc, test_base64_encode); + tcase_add_test(tc, test_base64_decode); /* Add all test cases to the test suite */ suite_add_tcase(s, tc); diff --git a/src/util/crypto/libcrypto/crypto_base64.c b/src/util/crypto/libcrypto/crypto_base64.c index c04914b9..3a119a0e 100644 --- a/src/util/crypto/libcrypto/crypto_base64.c +++ b/src/util/crypto/libcrypto/crypto_base64.c @@ -1,6 +1,7 @@ /* Authors: Jan Cholasta <jcholast@redhat.com> + George McCollister <george.mccollister@gmail.com> Copyright (C) 2012 Red Hat @@ -20,18 +21,112 @@ #include "util/util.h" +#include <openssl/bio.h> +#include <openssl/evp.h> + char *sss_base64_encode(TALLOC_CTX *mem_ctx, const unsigned char *in, size_t insize) { - DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_encode not implemented.\n")); - return NULL; + char *b64encoded = NULL, *outbuf = NULL; + int i, j, b64size; + BIO *bmem, *b64; + + b64 = BIO_new(BIO_f_base64()); + if (!b64) return NULL; + + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); + bmem = BIO_new(BIO_s_mem()); + if (!bmem) goto done; + + b64 = BIO_push(b64, bmem); + + BIO_write(b64, in, insize); + + (void) BIO_flush(b64); + + b64size = BIO_get_mem_data(bmem, &b64encoded); + if (b64encoded) { + outbuf = talloc_array(mem_ctx, char, b64size+1); + if (outbuf == NULL) goto done; + + for (i=0, j=0; i < b64size; i++) { + if (b64encoded[i] == '\n' || b64encoded[i] == '\r') { + continue; + } + outbuf[j++] = b64encoded[i]; + } + outbuf[j++] = '\0'; + } + +done: + BIO_free_all(b64); + return outbuf; } unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx, const char *in, size_t *outsize) { - DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_decode not implemented.\n")); - return NULL; + unsigned char *outbuf = NULL; + unsigned char *b64decoded = NULL; + unsigned char inbuf[512]; + char * in_dup; + int size, inlen = strlen(in); + BIO *bmem, *b64, *bmem_out; + TALLOC_CTX *tmp_ctx = NULL; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return NULL; + } + + in_dup = talloc_size(tmp_ctx, inlen+1); + if (!in_dup) goto done; + memcpy(in_dup, in, inlen+1); + + b64 = BIO_new(BIO_f_base64()); + if (!b64) goto done; + + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); + + bmem = BIO_new_mem_buf(in_dup, -1); + if (!bmem) { + BIO_free(b64); + goto done; + } + + b64 = BIO_push(b64, bmem); + + bmem_out = BIO_new(BIO_s_mem()); + if (!bmem_out) { + BIO_free_all(b64); + goto done; + } + + while((inlen = BIO_read(b64, inbuf, 512)) > 0) + BIO_write(bmem_out, inbuf, inlen); + + (void) BIO_flush(bmem_out); + + size = BIO_get_mem_data(bmem_out, &b64decoded); + + if (b64decoded) { + outbuf = talloc_memdup(mem_ctx, b64decoded, size); + if (!outbuf) { + BIO_free_all(b64); + BIO_free(bmem_out); + goto done; + } + + *outsize = size; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get decoded data\n")); + } + BIO_free_all(b64); + BIO_free(bmem_out); + +done: + talloc_free(tmp_ctx); + return outbuf; } diff --git a/src/util/crypto/libcrypto/crypto_hmac_sha1.c b/src/util/crypto/libcrypto/crypto_hmac_sha1.c index 32acd25a..37d25794 100644 --- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c +++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c @@ -1,6 +1,7 @@ /* Authors: Jan Cholasta <jcholast@redhat.com> + George McCollister <george.mccollister@gmail.com> Copyright (C) 2012 Red Hat @@ -19,6 +20,11 @@ */ #include "util/util.h" +#include "util/crypto/sss_crypto.h" + +#include <openssl/evp.h> + +#define HMAC_SHA1_BLOCKSIZE 64 int sss_hmac_sha1(const unsigned char *key, size_t key_len, @@ -26,6 +32,56 @@ int sss_hmac_sha1(const unsigned char *key, size_t in_len, unsigned char *out) { - DEBUG(SSSDBG_CRIT_FAILURE, ("sss_hmac_sha1 not implemented.\n")); - return ENOSYS; + int ret; + EVP_MD_CTX ctx; + unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE]; + size_t i; + unsigned char hash[SSS_SHA1_LENGTH]; + unsigned int res_len; + + EVP_MD_CTX_init(&ctx); + + if (key_len > HMAC_SHA1_BLOCKSIZE) { + /* keys longer than blocksize are shortened */ + if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) { + ret = EIO; + goto done; + } + + EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len); + EVP_DigestFinal_ex(&ctx, ikey, &res_len); + memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH); + } else { + /* keys shorter than blocksize are zero-padded */ + memcpy(ikey, key, key_len); + memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len); + } + + /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */ + for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) { + okey[i] = ikey[i] ^ 0x5c; + ikey[i] ^= 0x36; + } + + if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) { + ret = EIO; + goto done; + } + + EVP_DigestUpdate(&ctx, (const unsigned char *)ikey, HMAC_SHA1_BLOCKSIZE); + EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len); + EVP_DigestFinal_ex(&ctx, hash, &res_len); + + if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) { + ret = EIO; + goto done; + } + + EVP_DigestUpdate(&ctx, (const unsigned char *)okey, HMAC_SHA1_BLOCKSIZE); + EVP_DigestUpdate(&ctx, (const unsigned char *)hash, SSS_SHA1_LENGTH); + EVP_DigestFinal_ex(&ctx, out, &res_len); + ret = EOK; +done: + EVP_MD_CTX_cleanup(&ctx); + return ret; } diff --git a/src/util/crypto/libcrypto/crypto_obfuscate.c b/src/util/crypto/libcrypto/crypto_obfuscate.c index 026e993c..e303e8c8 100644 --- a/src/util/crypto/libcrypto/crypto_obfuscate.c +++ b/src/util/crypto/libcrypto/crypto_obfuscate.c @@ -1,16 +1,297 @@ +/* + SSSD + + Password obfuscation logic + + Authors: + George McCollister <george.mccollister@gmail.com> + + Copyright (C) George McCollister 2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* + * READ ME: + * + * Please note that password obfuscation does not improve security in any + * way. It is just a mechanism to make the password human-unreadable. If you + * need to secure passwords in your application, you should probably take a + * look at storing passwords in NSS-backed database. + */ + +#include "config.h" #include <talloc.h> #include <errno.h> +#include "util/util.h" #include "util/crypto/sss_crypto.h" +#include <openssl/evp.h> +#include <openssl/rand.h> + +#define OBF_BUFFER_SENTINEL "\0\1\2\3" +#define OBF_BUFFER_SENTINEL_SIZE 4 + +struct crypto_mech_data { + const EVP_CIPHER * (*cipher)(void); + uint16_t keylen; + uint16_t bsize; +}; + +static struct crypto_mech_data cmdata[] = { + /* AES with automatic padding, 256b key, 128b block */ + { EVP_aes_256_cbc, 32, 16 }, + /* sentinel */ + { 0, 0, 0 } +}; + +static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth) +{ + if (meth >= NUM_OBFMETHODS) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported cipher type\n")); + return NULL; + } + return &cmdata[meth]; +} + int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, enum obfmethod meth, char **obfpwd) { - return ENOSYS; + int ret; + EVP_CIPHER_CTX ctx; + struct crypto_mech_data *mech_props; + TALLOC_CTX *tmp_ctx = NULL; + unsigned char *keybuf; + unsigned char *ivbuf; + unsigned char *cryptotext; + int ct_maxsize; + int ctlen = 0; + int digestlen = 0; + int result_len; + + unsigned char *obfbuf; + size_t obufsize = 0; + size_t p = 0; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + EVP_CIPHER_CTX_init(&ctx); + + mech_props = get_crypto_mech_data(meth); + if (mech_props == NULL) { + ret = EINVAL; + goto done; + } + + keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen); + if (keybuf == NULL) { + ret = ENOMEM; + goto done; + } + + ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize); + if (ivbuf == NULL) { + ret = ENOMEM; + goto done; + } + + RAND_bytes(keybuf, mech_props->keylen); + RAND_bytes(ivbuf, mech_props->bsize); + + /* cryptotext buffer must be at least len(plaintext)+blocksize */ + ct_maxsize = plen + (mech_props->bsize); + cryptotext = talloc_array(tmp_ctx, unsigned char, ct_maxsize); + if (!cryptotext) { + ret = ENOMEM; + goto done; + } + + if (!EVP_EncryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failure to initialize cipher contex\n")); + ret = EIO; + goto done; + } + + /* sample data we'll encrypt and decrypt */ + if (!EVP_EncryptUpdate(&ctx, cryptotext, &ctlen, (const unsigned char*)password, plen)) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot execute the encryption operation\n")); + ret = EIO; + goto done; + } + + if(!EVP_EncryptFinal_ex(&ctx, cryptotext+ctlen, &digestlen)) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot finialize the encryption operation\n")); + ret = EIO; + goto done; + } + + result_len = ctlen + digestlen; + + /* Pack the obfuscation buffer */ + /* The buffer consists of: + * uint16_t the type of the cipher + * uint32_t length of the cryptotext in bytes (clen) + * uint8_t[klen] key + * uint8_t[blen] IV + * uint8_t[clen] cryptotext + * 4 bytes of "sentinel" denoting end of the buffer + */ + obufsize = sizeof(uint16_t) + sizeof(uint32_t) + + mech_props->keylen + mech_props->bsize + + result_len + OBF_BUFFER_SENTINEL_SIZE; + obfbuf = talloc_array(tmp_ctx, unsigned char, obufsize); + if (!obfbuf) { + ret = ENOMEM; + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, ("Writing method: %d\n", meth)); + SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p); + DEBUG(SSSDBG_TRACE_FUNC, ("Writing bufsize: %d\n", result_len)); + SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p); + safealign_memcpy(&obfbuf[p], keybuf, mech_props->keylen, &p); + safealign_memcpy(&obfbuf[p], ivbuf, mech_props->bsize, &p); + safealign_memcpy(&obfbuf[p], cryptotext, result_len, &p); + safealign_memcpy(&obfbuf[p], OBF_BUFFER_SENTINEL, + OBF_BUFFER_SENTINEL_SIZE, &p); + + /* Base64 encode the resulting buffer */ + *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize); + if (*obfpwd == NULL) { + ret = ENOMEM; + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + EVP_CIPHER_CTX_cleanup(&ctx); + return ret; } int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, char **password) { - return ENOSYS; + int ret; + EVP_CIPHER_CTX ctx; + TALLOC_CTX *tmp_ctx = NULL; + struct crypto_mech_data *mech_props; + + int plainlen; + int digestlen; + unsigned char *obfbuf = NULL; + size_t obflen; + char *pwdbuf; + + /* for unmarshaling data */ + uint16_t meth; + uint16_t ctsize; + size_t p = 0; + unsigned char *cryptotext; + unsigned char *keybuf; + unsigned char *ivbuf; + unsigned char sentinel_check[OBF_BUFFER_SENTINEL_SIZE]; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + EVP_CIPHER_CTX_init(&ctx); + + /* Base64 decode the incoming buffer */ + obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen); + if (!obfbuf) { + ret = ENOMEM; + goto done; + } + + /* unpack obfuscation buffer */ + SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p); + DEBUG(SSSDBG_TRACE_FUNC, ("Read method: %d\n", meth)); + SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p); + DEBUG(SSSDBG_TRACE_FUNC, ("Read bufsize: %d\n", ctsize)); + + mech_props = get_crypto_mech_data(meth); + if (mech_props == NULL) { + ret = EINVAL; + goto done; + } + + /* check that we got sane mechanism properties and cryptotext size */ + memcpy(sentinel_check, + obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize, + OBF_BUFFER_SENTINEL_SIZE); + if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Obfuscation buffer seems corrupt, aborting\n")); + ret = EFAULT; + goto done; + } + + /* copy out key, ivbuf and cryptotext */ + keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen); + if (keybuf == NULL) { + ret = ENOMEM; + goto done; + } + safealign_memcpy(keybuf, obfbuf+p, mech_props->keylen, &p); + + ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize); + if (ivbuf == NULL) { + ret = ENOMEM; + goto done; + } + safealign_memcpy(ivbuf, obfbuf+p, mech_props->bsize, &p); + + cryptotext = talloc_array(tmp_ctx, unsigned char, ctsize); + if (cryptotext == NULL) { + ret = ENOMEM; + goto done; + } + safealign_memcpy(cryptotext, obfbuf+p, ctsize, &p); + + pwdbuf = talloc_array(tmp_ctx, char, ctsize); + if (!pwdbuf) { + ret = ENOMEM; + goto done; + } + + if (!EVP_DecryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) { + ret = EIO; + goto done; + } + + /* sample data we'll encrypt and decrypt */ + if (!EVP_DecryptUpdate(&ctx, (unsigned char*)pwdbuf, &plainlen, cryptotext, ctsize)) { + ret = EIO; + goto done; + } + + if(!EVP_DecryptFinal_ex(&ctx, (unsigned char*)pwdbuf+plainlen, &digestlen)) { + ret = EIO; + goto done; + } + + *password = talloc_move(mem_ctx, &pwdbuf); + ret = EOK; +done: + talloc_free(tmp_ctx); + EVP_CIPHER_CTX_cleanup(&ctx); + return ret; } diff --git a/src/util/crypto/libcrypto/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c index 50734318..f4c3e0da 100644 --- a/src/util/crypto/libcrypto/crypto_sha512crypt.c +++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c @@ -10,6 +10,8 @@ /* SHA512-based Unix crypt implementation. Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */ +#include "config.h" + #include <endian.h> #include <errno.h> #include <limits.h> @@ -141,7 +143,6 @@ static int sha512_crypt_r(const char *key, * compatibility with existing implementations). */ EVP_DigestUpdate(&ctx, (const unsigned char *)salt, salt_len); - /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. * The final result will be added to the first context. */ if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) { |