summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2012-02-03 22:10:17 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-02-07 00:26:57 +0100
commitc7919a4fe41133cc466aa3d9431bfceee5784e7b (patch)
treeead68dc77f21c5c0667560073db23c2a4e728c44
parented44814e0e7ff9f0ef7ffc98fab7d9542a7822df (diff)
downloadsssd-c7919a4fe41133cc466aa3d9431bfceee5784e7b.tar.gz
sssd-c7919a4fe41133cc466aa3d9431bfceee5784e7b.tar.xz
sssd-c7919a4fe41133cc466aa3d9431bfceee5784e7b.zip
UTIL: Provide base64 encoding and decoding functions
-rw-r--r--Makefile.am6
-rw-r--r--src/util/crypto/libcrypto/crypto_base64.c37
-rw-r--r--src/util/crypto/nss/nss_base64.c91
-rw-r--r--src/util/crypto/nss/nss_obfuscate.c39
-rw-r--r--src/util/crypto/sss_crypto.h8
5 files changed, 143 insertions, 38 deletions
diff --git a/Makefile.am b/Makefile.am
index c0b4c7000..e0ad0dcb3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -141,13 +141,15 @@ noinst_LTLIBRARIES = \
libsss_crypt.la
if HAVE_NSS
- SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_sha512crypt.c \
+ SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_base64.c \
+ src/util/crypto/nss/nss_sha512crypt.c \
src/util/crypto/nss/nss_obfuscate.c \
src/util/crypto/nss/nss_util.c
SSS_CRYPT_CFLAGS = $(NSS_CFLAGS)
SSS_CRYPT_LIBS = $(NSS_LIBS)
else
- SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_sha512crypt.c \
+ SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_base64.c \
+ src/util/crypto/libcrypto/crypto_sha512crypt.c \
src/util/crypto/libcrypto/crypto_obfuscate.c
SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS)
SSS_CRYPT_LIBS = $(CRYPTO_LIBS)
diff --git a/src/util/crypto/libcrypto/crypto_base64.c b/src/util/crypto/libcrypto/crypto_base64.c
new file mode 100644
index 000000000..c04914b94
--- /dev/null
+++ b/src/util/crypto/libcrypto/crypto_base64.c
@@ -0,0 +1,37 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+
+char *sss_base64_encode(TALLOC_CTX *mem_ctx,
+ const unsigned char *in,
+ size_t insize)
+{
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_encode not implemented.\n"));
+ return NULL;
+}
+
+unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
+ const char *in,
+ size_t *outsize)
+{
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_decode not implemented.\n"));
+ return NULL;
+}
diff --git a/src/util/crypto/nss/nss_base64.c b/src/util/crypto/nss/nss_base64.c
new file mode 100644
index 000000000..be3de487f
--- /dev/null
+++ b/src/util/crypto/nss/nss_base64.c
@@ -0,0 +1,91 @@
+/*
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+
+#include "util/util.h"
+#include "util/crypto/nss/nss_util.h"
+
+#include <base64.h>
+
+/* NSS wraps b64 encoded buffers with CRLF automatically after 64 chars. This
+ * function strips the CRLF double-chars. The buffer can be decoded with plain
+ * NSS calls */
+char *sss_base64_encode(TALLOC_CTX *mem_ctx,
+ const unsigned char *inbuf,
+ size_t inbufsize)
+{
+ int ret;
+ char *b64encoded = NULL;
+ int i, j, b64size;
+ char *outbuf;
+
+ /* initialize NSS if needed */
+ ret = nspr_nss_init();
+ if (ret != EOK) {
+ return NULL;
+ }
+
+ b64encoded = BTOA_DataToAscii(inbuf, inbufsize);
+ if (!b64encoded) return NULL;
+
+ b64size = strlen(b64encoded) + 1;
+ outbuf = talloc_array(mem_ctx, char, b64size);
+ if (outbuf == NULL) {
+ PORT_Free(b64encoded);
+ return NULL;
+ }
+
+ for (i=0, j=0; i < b64size; i++) {
+ if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
+ continue;
+ }
+ outbuf[j++] = b64encoded[i]; /* will also copy the trailing \0 char */
+ }
+
+ PORT_Free(b64encoded);
+ return outbuf;
+}
+
+unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
+ const char *inbuf,
+ size_t *outbufsize)
+{
+ int ret;
+ unsigned char *b64decoded = NULL;
+ unsigned int size;
+ unsigned char *outbuf;
+
+ /* initialize NSS if needed */
+ ret = nspr_nss_init();
+ if (ret != EOK) {
+ return NULL;
+ }
+
+ b64decoded = ATOB_AsciiToData(inbuf, &size);
+ if (!b64decoded) return NULL;
+
+ outbuf = talloc_memdup(mem_ctx, b64decoded, size);
+ PORT_Free(b64decoded);
+ if (!outbuf) return NULL;
+
+ *outbufsize = size;
+ return outbuf;
+}
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index db10be606..c0882d4ee 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -224,38 +224,6 @@ done:
return ret;
}
-/* NSS wraps b64 encoded buffers with CRLF automatically after 64 chars. This
- * function strips the CRLF double-chars. The buffer can be decoded with plain
- * NSS calls */
-static char *b64_encode(TALLOC_CTX *mem_ctx,
- unsigned char *inbuf,
- size_t inbufsize)
-{
- char *b64encoded = NULL;
- int i, j, b64size;
- char *outbuf;
-
- b64encoded = BTOA_DataToAscii(inbuf, inbufsize);
- if (!b64encoded) return NULL;
-
- b64size = strlen(b64encoded) + 1;
- outbuf = talloc_array(mem_ctx, char, b64size);
- if (outbuf == NULL) {
- PORT_Free(b64encoded);
- return NULL;
- }
-
- for (i=0, j=0; i < b64size; i++) {
- if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
- continue;
- }
- outbuf[j++] = b64encoded[i]; /* will also copy the trailing \0 char */
- }
-
- PORT_Free(b64encoded);
- return outbuf;
-}
-
int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
enum obfmethod meth, char **obfpwd)
{
@@ -383,7 +351,7 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
OBF_BUFFER_SENTINEL_SIZE, &p);
/* Base64 encode the resulting buffer */
- *obfpwd = b64_encode(mem_ctx, obfbuf, obufsize);
+ *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize);
if (*obfpwd == NULL) {
ret = ENOMEM;
goto done;
@@ -408,7 +376,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
int plainlen;
unsigned int digestlen;
unsigned char *obfbuf = NULL;
- unsigned int obflen;
+ size_t obflen;
char *pwdbuf;
/* for unmarshaling data */
@@ -433,7 +401,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
}
/* Base64 decode the incoming buffer */
- obfbuf = ATOB_AsciiToData(b64encoded, &obflen);
+ obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen);
if (!obfbuf) {
ret = ENOMEM;
goto done;
@@ -531,7 +499,6 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
*password = talloc_move(mem_ctx, &pwdbuf);
ret = EOK;
done:
- PORT_Free(obfbuf);
talloc_free(tmp_ctx);
nspr_nss_cleanup();
return ret;
diff --git a/src/util/crypto/sss_crypto.h b/src/util/crypto/sss_crypto.h
index 66394aeb4..7b3e5e09c 100644
--- a/src/util/crypto/sss_crypto.h
+++ b/src/util/crypto/sss_crypto.h
@@ -11,6 +11,14 @@ enum obfmethod {
int test2(void);
+char *sss_base64_encode(TALLOC_CTX *mem_ctx,
+ const unsigned char *in,
+ size_t insize);
+
+unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
+ const char *in,
+ size_t *outsize);
+
int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
enum obfmethod meth, char **obfpwd);