-rw-r--r-- | Makefile.am | 6 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_base64.c | 37 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_base64.c | 91 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_obfuscate.c | 39 | ||||
-rw-r--r-- | src/util/crypto/sss_crypto.h | 8 |
5 files changed, 143 insertions, 38 deletions
diff --git a/Makefile.am b/Makefile.am index c0b4c700..e0ad0dcb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -141,13 +141,15 @@ noinst_LTLIBRARIES = \ libsss_crypt.la if HAVE_NSS - SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_sha512crypt.c \ + SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_base64.c \ + src/util/crypto/nss/nss_sha512crypt.c \ src/util/crypto/nss/nss_obfuscate.c \ src/util/crypto/nss/nss_util.c SSS_CRYPT_CFLAGS = $(NSS_CFLAGS) SSS_CRYPT_LIBS = $(NSS_LIBS) else - SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_sha512crypt.c \ + SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_base64.c \ + src/util/crypto/libcrypto/crypto_sha512crypt.c \ src/util/crypto/libcrypto/crypto_obfuscate.c SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS) SSS_CRYPT_LIBS = $(CRYPTO_LIBS) diff --git a/src/util/crypto/libcrypto/crypto_base64.c b/src/util/crypto/libcrypto/crypto_base64.c new file mode 100644 index 00000000..c04914b9 --- /dev/null +++ b/src/util/crypto/libcrypto/crypto_base64.c 
@@ -0,0 +1,37 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+
+char *sss_base64_encode(TALLOC_CTX *mem_ctx,
+ const unsigned char *in,
+ size_t insize)
+{
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_encode not implemented.\n"));
+ return NULL;
+}
+
+unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
+ const char *in,
+ size_t *outsize)
+{
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_decode not implemented.\n"));
+ return NULL;
+}
diff --git a/src/util/crypto/nss/nss_base64.c b/src/util/crypto/nss/nss_base64.c
new file mode 100644
index 00000000..be3de487
--- /dev/null
+++ b/src/util/crypto/nss/nss_base64.c
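Review bot: Both stubs in src/util/crypto/libcrypto/crypto_base64.c fail exactly like an allocation error would: they return NULL, and `sss_base64_decode` leaves `*outsize` unwritten. A caller that maps NULL to ENOMEM, as `sss_password_encrypt` does on the NSS side of this commit, would therefore report out-of-memory in a libcrypto build instead of "not supported". A comment above the stubs such as `/* libcrypto build: base64 is not implemented, both functions always return NULL */` would make the limitation explicit. The file includes only `util/util.h`; if that header does not already pull in the new prototypes, adding `#include "util/crypto/sss_crypto.h"` lets the compiler check these definitions against them.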
@@ -0,0 +1,91 @@
+/*
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+
+#include "util/util.h"
+#include "util/crypto/nss/nss_util.h"
+
+#include <base64.h>
+
+/* NSS wraps b64 encoded buffers with CRLF automatically after 64 chars. This
+ * function strips the CRLF double-chars. The buffer can be decoded with plain
+ * NSS calls */
+char *sss_base64_encode(TALLOC_CTX *mem_ctx,
+ const unsigned char *inbuf,
+ size_t inbufsize)
+{
+ int ret;
+ char *b64encoded = NULL;
+ int i, j, b64size;
+ char *outbuf;
+
+ /* initialize NSS if needed */
+ ret = nspr_nss_init();
+ if (ret != EOK) {
+ return NULL;
+ }
+
+ b64encoded = BTOA_DataToAscii(inbuf, inbufsize);
+ if (!b64encoded) return NULL;
+
+ b64size = strlen(b64encoded) + 1;
+ outbuf = talloc_array(mem_ctx, char, b64size);
+ if (outbuf == NULL) {
+ PORT_Free(b64encoded);
+ return NULL;
+ }
+
+ for (i=0, j=0; i < b64size; i++) {
+ if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
+ continue;
+ }
+ outbuf[j++] = b64encoded[i]; /* will also copy the trailing \0 char */
+ }
+
+ PORT_Free(b64encoded);
+ return outbuf;
+}
+
+unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
+ const char *inbuf,
+ size_t *outbufsize)
+{
+ int ret;
+ unsigned char *b64decoded = NULL;
+ unsigned int size;
+ unsigned char *outbuf;
+
+ /* initialize NSS if
needed */ + ret = nspr_nss_init(); + if (ret != EOK) { + return NULL; + } + + b64decoded = ATOB_AsciiToData(inbuf, &size); + if (!b64decoded) return NULL; + + outbuf = talloc_memdup(mem_ctx, b64decoded, size); + PORT_Free(b64decoded); + if (!outbuf) return NULL; + + *outbufsize = size; + return outbuf; +} diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c index db10be60..c0882d4e 100644 --- a/src/util/crypto/nss/nss_obfuscate.c +++ b/src/util/crypto/nss/nss_obfuscate.c @@ -224,38 +224,6 @@ done: return ret; } -/* NSS wraps b64 encoded buffers with CRLF automatically after 64 chars. This - * function strips the CRLF double-chars. The buffer can be decoded with plain - * NSS calls */ -static char *b64_encode(TALLOC_CTX *mem_ctx, - unsigned char *inbuf, - size_t inbufsize) -{ - char *b64encoded = NULL; - int i, j, b64size; - char *outbuf; - - b64encoded = BTOA_DataToAscii(inbuf, inbufsize); - if (!b64encoded) return NULL; - - b64size = strlen(b64encoded) + 1; - outbuf = talloc_array(mem_ctx, char, b64size); - if (outbuf == NULL) { - PORT_Free(b64encoded); - return NULL; - } - - for (i=0, j=0; i < b64size; i++) { - if (b64encoded[i] == '\n' || b64encoded[i] == '\r') { - continue; - } - outbuf[j++] = b64encoded[i]; /* will also copy the trailing \0 char */ - } - - PORT_Free(b64encoded); - return outbuf; -} - int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, enum obfmethod meth, char **obfpwd) { @@ -383,7 +351,7 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, OBF_BUFFER_SENTINEL_SIZE, &p); /* Base64 encode the resulting buffer */ - *obfpwd = b64_encode(mem_ctx, obfbuf, obufsize); + *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize); if (*obfpwd == NULL) { ret = ENOMEM; goto done; 
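Review bot: In `sss_base64_encode` (src/util/crypto/nss/nss_base64.c) the `size_t inbufsize` is handed to `BTOA_DataToAscii`, whose length parameter is an `unsigned int`, and the encoded length is then kept in `int b64size`, so an oversized input on a 64-bit build would be narrowed silently instead of rejected. Now that the helper is exported rather than file-local, I would add `if (inbuf == NULL || inbufsize > UINT_MAX) return NULL;` before the call and declare `size_t i, j, b64size;`. `sss_base64_decode` also uses `inbuf` and `outbufsize` without a NULL check. It releases the NSS copy with `PORT_Free`; since the caller visible in this commit decodes an obfuscated password blob, `PORT_ZFree(b64decoded, size);` would clear that intermediate copy. Both functions call `nspr_nss_init()` but never `nspr_nss_cleanup()`, which `sss_password_decrypt` does at `done:`, so a comment should say who is expected to shut NSS down.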
@@ -408,7 +376,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, int plainlen; unsigned int digestlen; unsigned char *obfbuf = NULL; - unsigned int obflen; + size_t obflen; char *pwdbuf; /* for unmarshaling data */ @@ -433,7 +401,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, } /* Base64 decode the incoming buffer */ - obfbuf = ATOB_AsciiToData(b64encoded, &obflen); + obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen); if (!obfbuf) { ret = ENOMEM; goto done; @@ -531,7 +499,6 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, *password = talloc_move(mem_ctx, &pwdbuf); ret = EOK; done: - PORT_Free(obfbuf); talloc_free(tmp_ctx); nspr_nss_cleanup(); return ret; diff --git a/src/util/crypto/sss_crypto.h b/src/util/crypto/sss_crypto.h index 66394aeb..7b3e5e09 100644 --- a/src/util/crypto/sss_crypto.h +++ b/src/util/crypto/sss_crypto.h @@ -11,6 +11,14 @@ enum obfmethod { int test2(void); +char *sss_base64_encode(TALLOC_CTX *mem_ctx, + const unsigned char *in, + size_t insize); + +unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx, + const char *in, + size_t *outsize); + int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, enum obfmethod meth, char **obfpwd); |
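Review bot: In the `sss_password_decrypt` hunk that switches to `sss_base64_decode(tmp_ctx, b64encoded, &obflen)`, a NULL result is still returned as `ENOMEM`, although with the new helper NULL also covers a string that is not valid base64 and a failed NSS initialisation. Because `b64encoded` is supplied by the caller, a malformed value is at least as likely as memory exhaustion, so I would log the failure before `goto done`, for example `DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot decode the obfuscated password buffer.\n"));`. The function body continues outside the hunk, so it is not visible whether `obflen` is compared with the minimum expected blob size before the buffer is unmarshaled; if it is not, that check belongs directly after the decode.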
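Review bot: The two prototypes added to src/util/crypto/sss_crypto.h have no documented contract, although they are now the shared base64 interface for both crypto back ends. Each should get a doc comment stating what the implementations in this commit show: the result is allocated on `mem_ctx`, the encoder output is NUL-terminated with the CR/LF wrapping removed, `*outsize` is written only on success, and NULL is returned for every kind of failure and unconditionally in the libcrypto build. For the encoder that could read `/* Returns a talloc'ed, NUL-terminated base64 string without line breaks, or NULL on error. */`.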