summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac9
-rw-r--r--src/tests/crypto-tests.c46
-rw-r--r--src/util/crypto/libcrypto/crypto_base64.c103
-rw-r--r--src/util/crypto/libcrypto/crypto_hmac_sha1.c60
-rw-r--r--src/util/crypto/libcrypto/crypto_obfuscate.c285
-rw-r--r--src/util/crypto/libcrypto/crypto_sha512crypt.c3
6 files changed, 489 insertions, 17 deletions
diff --git a/configure.ac b/configure.ac
index 0f5391bd..5bb82a77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -102,6 +102,7 @@ WITH_SUDO
WITH_SUDO_LIB_PATH
WITH_AUTOFS
WITH_SSH
+WITH_CRYPTO
m4_include([src/external/pkg.m4])
m4_include([src/external/libpopt.m4])
@@ -214,8 +215,12 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
AM_CHECK_SYSTEMD
fi
-AM_CHECK_NSS
-AM_CONDITIONAL([HAVE_NSS], [test x"$NSS_CFLAGS" != x])
+if test x$cryptolib = xnss; then
+ AM_CHECK_NSS
+fi
+if test x$cryptolib = xlibcrypto; then
+ AM_CHECK_LIBCRYPTO
+fi
AC_CHECK_HEADERS([sys/inotify.h])
diff --git a/src/tests/crypto-tests.c b/src/tests/crypto-tests.c
index 045f4262..0492a384 100644
--- a/src/tests/crypto-tests.c
+++ b/src/tests/crypto-tests.c
@@ -60,10 +60,8 @@ START_TEST(test_encrypt_decrypt)
int ret;
int expected;
-#ifdef HAVE_NSS
+#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
expected = EOK;
-#elif HAVE_LIBCRYPTO
- expected = ENOSYS;
#else
#error Unknown crypto back end
#endif
@@ -108,10 +106,8 @@ START_TEST(test_hmac_sha1)
int ret, expected;
int i;
-#ifdef HAVE_NSS
+#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
expected = EOK;
-#elif HAVE_LIBCRYPTO
- expected = ENOSYS;
#else
#error Unknown crypto back end
#endif
@@ -126,6 +122,42 @@ START_TEST(test_hmac_sha1)
}
END_TEST
+START_TEST(test_base64_encode)
+{
+ const unsigned char obfbuf[] = "test";
+ const char expected[] = "dGVzdA==";
+ char *obfpwd = NULL;
+
+ test_ctx = talloc_new(NULL);
+ fail_if(test_ctx == NULL);
+ /* Base64 encode the buffer */
+ obfpwd = sss_base64_encode(test_ctx, obfbuf, strlen((const char*)obfbuf));
+ fail_if(obfpwd == NULL);
+ fail_if(strcmp(obfpwd,expected) != 0);
+
+ talloc_free(test_ctx);
+}
+END_TEST
+
+START_TEST(test_base64_decode)
+{
+ unsigned char *obfbuf = NULL;
+ size_t obflen;
+ const char b64encoded[] = "dGVzdA==";
+ const unsigned char expected[] = "test";
+
+ test_ctx = talloc_new(NULL);
+ fail_if(test_ctx == NULL);
+ /* Base64 decode the buffer */
+ obfbuf = sss_base64_decode(test_ctx, b64encoded, &obflen);
+ fail_if(!obfbuf);
+ fail_if(obflen != strlen((const char*)expected));
+ fail_if(memcmp(obfbuf, expected, obflen) != 0);
+
+ talloc_free(test_ctx);
+}
+END_TEST
+
Suite *crypto_suite(void)
{
Suite *s = suite_create("sss_crypto");
@@ -138,6 +170,8 @@ Suite *crypto_suite(void)
#endif
tcase_add_test(tc, test_encrypt_decrypt);
tcase_add_test(tc, test_hmac_sha1);
+ tcase_add_test(tc, test_base64_encode);
+ tcase_add_test(tc, test_base64_decode);
/* Add all test cases to the test suite */
suite_add_tcase(s, tc);
diff --git a/src/util/crypto/libcrypto/crypto_base64.c b/src/util/crypto/libcrypto/crypto_base64.c
index c04914b9..3a119a0e 100644
--- a/src/util/crypto/libcrypto/crypto_base64.c
+++ b/src/util/crypto/libcrypto/crypto_base64.c
@@ -1,6 +1,7 @@
/*
Authors:
Jan Cholasta <jcholast@redhat.com>
+ George McCollister <george.mccollister@gmail.com>
Copyright (C) 2012 Red Hat
@@ -20,18 +21,112 @@
#include "util/util.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
char *sss_base64_encode(TALLOC_CTX *mem_ctx,
const unsigned char *in,
size_t insize)
{
- DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_encode not implemented.\n"));
- return NULL;
+ char *b64encoded = NULL, *outbuf = NULL;
+ int i, j, b64size;
+ BIO *bmem, *b64;
+
+ b64 = BIO_new(BIO_f_base64());
+ if (!b64) return NULL;
+
+ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+ bmem = BIO_new(BIO_s_mem());
+ if (!bmem) goto done;
+
+ b64 = BIO_push(b64, bmem);
+
+ BIO_write(b64, in, insize);
+
+ (void) BIO_flush(b64);
+
+ b64size = BIO_get_mem_data(bmem, &b64encoded);
+ if (b64encoded) {
+ outbuf = talloc_array(mem_ctx, char, b64size+1);
+ if (outbuf == NULL) goto done;
+
+ for (i=0, j=0; i < b64size; i++) {
+ if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
+ continue;
+ }
+ outbuf[j++] = b64encoded[i];
+ }
+ outbuf[j++] = '\0';
+ }
+
+done:
+ BIO_free_all(b64);
+ return outbuf;
}
unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
const char *in,
size_t *outsize)
{
- DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_decode not implemented.\n"));
- return NULL;
+ unsigned char *outbuf = NULL;
+ unsigned char *b64decoded = NULL;
+ unsigned char inbuf[512];
+ char * in_dup;
+ int size, inlen = strlen(in);
+ BIO *bmem, *b64, *bmem_out;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ in_dup = talloc_size(tmp_ctx, inlen+1);
+ if (!in_dup) goto done;
+ memcpy(in_dup, in, inlen+1);
+
+ b64 = BIO_new(BIO_f_base64());
+ if (!b64) goto done;
+
+ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+
+ bmem = BIO_new_mem_buf(in_dup, -1);
+ if (!bmem) {
+ BIO_free(b64);
+ goto done;
+ }
+
+ b64 = BIO_push(b64, bmem);
+
+ bmem_out = BIO_new(BIO_s_mem());
+ if (!bmem_out) {
+ BIO_free_all(b64);
+ goto done;
+ }
+
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
+ BIO_write(bmem_out, inbuf, inlen);
+
+ (void) BIO_flush(bmem_out);
+
+ size = BIO_get_mem_data(bmem_out, &b64decoded);
+
+ if (b64decoded) {
+ outbuf = talloc_memdup(mem_ctx, b64decoded, size);
+ if (!outbuf) {
+ BIO_free_all(b64);
+ BIO_free(bmem_out);
+ goto done;
+ }
+
+ *outsize = size;
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get decoded data\n"));
+ }
+ BIO_free_all(b64);
+ BIO_free(bmem_out);
+
+done:
+ talloc_free(tmp_ctx);
+ return outbuf;
}
diff --git a/src/util/crypto/libcrypto/crypto_hmac_sha1.c b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
index 32acd25a..37d25794 100644
--- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c
+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
@@ -1,6 +1,7 @@
/*
Authors:
Jan Cholasta <jcholast@redhat.com>
+ George McCollister <george.mccollister@gmail.com>
Copyright (C) 2012 Red Hat
@@ -19,6 +20,11 @@
*/
#include "util/util.h"
+#include "util/crypto/sss_crypto.h"
+
+#include <openssl/evp.h>
+
+#define HMAC_SHA1_BLOCKSIZE 64
int sss_hmac_sha1(const unsigned char *key,
size_t key_len,
@@ -26,6 +32,56 @@ int sss_hmac_sha1(const unsigned char *key,
size_t in_len,
unsigned char *out)
{
- DEBUG(SSSDBG_CRIT_FAILURE, ("sss_hmac_sha1 not implemented.\n"));
- return ENOSYS;
+ int ret;
+ EVP_MD_CTX ctx;
+ unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE];
+ size_t i;
+ unsigned char hash[SSS_SHA1_LENGTH];
+ unsigned int res_len;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (key_len > HMAC_SHA1_BLOCKSIZE) {
+ /* keys longer than blocksize are shortened */
+ if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+ ret = EIO;
+ goto done;
+ }
+
+ EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len);
+ EVP_DigestFinal_ex(&ctx, ikey, &res_len);
+ memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH);
+ } else {
+ /* keys shorter than blocksize are zero-padded */
+ memcpy(ikey, key, key_len);
+ memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+ }
+
+ /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */
+ for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) {
+ okey[i] = ikey[i] ^ 0x5c;
+ ikey[i] ^= 0x36;
+ }
+
+ if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+ ret = EIO;
+ goto done;
+ }
+
+ EVP_DigestUpdate(&ctx, (const unsigned char *)ikey, HMAC_SHA1_BLOCKSIZE);
+ EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len);
+ EVP_DigestFinal_ex(&ctx, hash, &res_len);
+
+ if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+ ret = EIO;
+ goto done;
+ }
+
+ EVP_DigestUpdate(&ctx, (const unsigned char *)okey, HMAC_SHA1_BLOCKSIZE);
+ EVP_DigestUpdate(&ctx, (const unsigned char *)hash, SSS_SHA1_LENGTH);
+ EVP_DigestFinal_ex(&ctx, out, &res_len);
+ ret = EOK;
+done:
+ EVP_MD_CTX_cleanup(&ctx);
+ return ret;
}
diff --git a/src/util/crypto/libcrypto/crypto_obfuscate.c b/src/util/crypto/libcrypto/crypto_obfuscate.c
index 026e993c..e303e8c8 100644
--- a/src/util/crypto/libcrypto/crypto_obfuscate.c
+++ b/src/util/crypto/libcrypto/crypto_obfuscate.c
@@ -1,16 +1,297 @@
+/*
+ SSSD
+
+ Password obfuscation logic
+
+ Authors:
+ George McCollister <george.mccollister@gmail.com>
+
+ Copyright (C) George McCollister 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * READ ME:
+ *
+ * Please note that password obfuscation does not improve security in any
+ * way. It is just a mechanism to make the password human-unreadable. If you
+ * need to secure passwords in your application, you should probably take a
+ * look at storing passwords in NSS-backed database.
+ */
+
+#include "config.h"
#include <talloc.h>
#include <errno.h>
+#include "util/util.h"
#include "util/crypto/sss_crypto.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#define OBF_BUFFER_SENTINEL "\0\1\2\3"
+#define OBF_BUFFER_SENTINEL_SIZE 4
+
+struct crypto_mech_data {
+ const EVP_CIPHER * (*cipher)(void);
+ uint16_t keylen;
+ uint16_t bsize;
+};
+
+static struct crypto_mech_data cmdata[] = {
+ /* AES with automatic padding, 256b key, 128b block */
+ { EVP_aes_256_cbc, 32, 16 },
+ /* sentinel */
+ { 0, 0, 0 }
+};
+
+static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
+{
+ if (meth >= NUM_OBFMETHODS) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported cipher type\n"));
+ return NULL;
+ }
+ return &cmdata[meth];
+}
+
int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
enum obfmethod meth, char **obfpwd)
{
- return ENOSYS;
+ int ret;
+ EVP_CIPHER_CTX ctx;
+ struct crypto_mech_data *mech_props;
+ TALLOC_CTX *tmp_ctx = NULL;
+ unsigned char *keybuf;
+ unsigned char *ivbuf;
+ unsigned char *cryptotext;
+ int ct_maxsize;
+ int ctlen = 0;
+ int digestlen = 0;
+ int result_len;
+
+ unsigned char *obfbuf;
+ size_t obufsize = 0;
+ size_t p = 0;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ EVP_CIPHER_CTX_init(&ctx);
+
+ mech_props = get_crypto_mech_data(meth);
+ if (mech_props == NULL) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
+ if (keybuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
+ if (ivbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ RAND_bytes(keybuf, mech_props->keylen);
+ RAND_bytes(ivbuf, mech_props->bsize);
+
+ /* cryptotext buffer must be at least len(plaintext)+blocksize */
+ ct_maxsize = plen + (mech_props->bsize);
+ cryptotext = talloc_array(tmp_ctx, unsigned char, ct_maxsize);
+ if (!cryptotext) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (!EVP_EncryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failure to initialize cipher contex\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ /* sample data we'll encrypt and decrypt */
+ if (!EVP_EncryptUpdate(&ctx, cryptotext, &ctlen, (const unsigned char*)password, plen)) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot execute the encryption operation\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ if(!EVP_EncryptFinal_ex(&ctx, cryptotext+ctlen, &digestlen)) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot finialize the encryption operation\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ result_len = ctlen + digestlen;
+
+ /* Pack the obfuscation buffer */
+ /* The buffer consists of:
+ * uint16_t the type of the cipher
+ * uint32_t length of the cryptotext in bytes (clen)
+ * uint8_t[klen] key
+ * uint8_t[blen] IV
+ * uint8_t[clen] cryptotext
+ * 4 bytes of "sentinel" denoting end of the buffer
+ */
+ obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
+ mech_props->keylen + mech_props->bsize +
+ result_len + OBF_BUFFER_SENTINEL_SIZE;
+ obfbuf = talloc_array(tmp_ctx, unsigned char, obufsize);
+ if (!obfbuf) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Writing method: %d\n", meth));
+ SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
+ DEBUG(SSSDBG_TRACE_FUNC, ("Writing bufsize: %d\n", result_len));
+ SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
+ safealign_memcpy(&obfbuf[p], keybuf, mech_props->keylen, &p);
+ safealign_memcpy(&obfbuf[p], ivbuf, mech_props->bsize, &p);
+ safealign_memcpy(&obfbuf[p], cryptotext, result_len, &p);
+ safealign_memcpy(&obfbuf[p], OBF_BUFFER_SENTINEL,
+ OBF_BUFFER_SENTINEL_SIZE, &p);
+
+ /* Base64 encode the resulting buffer */
+ *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize);
+ if (*obfpwd == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return ret;
}
int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
char **password)
{
- return ENOSYS;
+ int ret;
+ EVP_CIPHER_CTX ctx;
+ TALLOC_CTX *tmp_ctx = NULL;
+ struct crypto_mech_data *mech_props;
+
+ int plainlen;
+ int digestlen;
+ unsigned char *obfbuf = NULL;
+ size_t obflen;
+ char *pwdbuf;
+
+ /* for unmarshaling data */
+ uint16_t meth;
+ uint16_t ctsize;
+ size_t p = 0;
+ unsigned char *cryptotext;
+ unsigned char *keybuf;
+ unsigned char *ivbuf;
+ unsigned char sentinel_check[OBF_BUFFER_SENTINEL_SIZE];
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ EVP_CIPHER_CTX_init(&ctx);
+
+ /* Base64 decode the incoming buffer */
+ obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen);
+ if (!obfbuf) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* unpack obfuscation buffer */
+ SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
+ DEBUG(SSSDBG_TRACE_FUNC, ("Read method: %d\n", meth));
+ SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
+ DEBUG(SSSDBG_TRACE_FUNC, ("Read bufsize: %d\n", ctsize));
+
+ mech_props = get_crypto_mech_data(meth);
+ if (mech_props == NULL) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ /* check that we got sane mechanism properties and cryptotext size */
+ memcpy(sentinel_check,
+ obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
+ OBF_BUFFER_SENTINEL_SIZE);
+ if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Obfuscation buffer seems corrupt, aborting\n"));
+ ret = EFAULT;
+ goto done;
+ }
+
+ /* copy out key, ivbuf and cryptotext */
+ keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
+ if (keybuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ safealign_memcpy(keybuf, obfbuf+p, mech_props->keylen, &p);
+
+ ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
+ if (ivbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ safealign_memcpy(ivbuf, obfbuf+p, mech_props->bsize, &p);
+
+ cryptotext = talloc_array(tmp_ctx, unsigned char, ctsize);
+ if (cryptotext == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ safealign_memcpy(cryptotext, obfbuf+p, ctsize, &p);
+
+ pwdbuf = talloc_array(tmp_ctx, char, ctsize);
+ if (!pwdbuf) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (!EVP_DecryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
+ ret = EIO;
+ goto done;
+ }
+
+ /* sample data we'll encrypt and decrypt */
+ if (!EVP_DecryptUpdate(&ctx, (unsigned char*)pwdbuf, &plainlen, cryptotext, ctsize)) {
+ ret = EIO;
+ goto done;
+ }
+
+ if(!EVP_DecryptFinal_ex(&ctx, (unsigned char*)pwdbuf+plainlen, &digestlen)) {
+ ret = EIO;
+ goto done;
+ }
+
+ *password = talloc_move(mem_ctx, &pwdbuf);
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return ret;
}
diff --git a/src/util/crypto/libcrypto/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
index 50734318..f4c3e0da 100644
--- a/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -10,6 +10,8 @@
/* SHA512-based Unix crypt implementation.
Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */
+#include "config.h"
+
#include <endian.h>
#include <errno.h>
#include <limits.h>
@@ -141,7 +143,6 @@ static int sha512_crypt_r(const char *key,
* compatibility with existing implementations). */
EVP_DigestUpdate(&ctx, (const unsigned char *)salt, salt_len);
-
/* Compute alternate SHA512 sum with input KEY, SALT, and KEY.
* The final result will be added to the first context. */
if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) {