libcrypto fully implemented

Implemented working versions of the following functions for libcrypto:
 sss_base64_encode
 sss_base64_decode
 sss_hmac_sha1
 sss_password_encrypt
 sss_password_decrypt

test_encrypt_decrypt now expects EOK from libcrypto.
test_hmac_sha1 now expects EOK from libcrypto.
Added test_base64_encode to test base64 encoding implementation.
Added test_base64_decode to test base64 decoding implementation.

Signed-off-by: George McCollister <George.McCollister@gmail.com>

4 files changed, 442 insertions, 9 deletions

diff --git a/src/util/crypto/libcrypto/crypto_base64.c b/src/util/crypto/libcrypto/crypto_base64.c
index c04914b9..3a119a0e 100644
--- a/src/util/crypto/libcrypto/crypto_base64.c
+++ b/src/util/crypto/libcrypto/crypto_base64.c
@@ -1,6 +1,7 @@
 /*
     Authors:
         Jan Cholasta <jcholast@redhat.com>
+        George McCollister <george.mccollister@gmail.com>
 
     Copyright (C) 2012 Red Hat
 
@@ -20,18 +21,112 @@
 
 #include "util/util.h"
 
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
 char *sss_base64_encode(TALLOC_CTX *mem_ctx,
                         const unsigned char *in,
                         size_t insize)
 {
-    DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_encode not implemented.\n"));
-    return NULL;
+    char *b64encoded = NULL, *outbuf = NULL;
+    int i, j, b64size;
+    BIO *bmem, *b64;
+
+    b64 = BIO_new(BIO_f_base64());
+    if (!b64) return NULL;
+
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+    bmem = BIO_new(BIO_s_mem());
+    if (!bmem) goto done;
+
+    b64 = BIO_push(b64, bmem);
+
+    BIO_write(b64, in, insize);
+
+    (void) BIO_flush(b64);
+
+    b64size = BIO_get_mem_data(bmem, &b64encoded);
+    if (b64encoded) {
+        outbuf = talloc_array(mem_ctx, char, b64size+1);
+        if (outbuf == NULL) goto done;
+
+        for (i=0, j=0; i < b64size; i++) {
+            if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
+                continue;
+            }
+            outbuf[j++] = b64encoded[i];
+        }
+        outbuf[j++] = '\0';
+    }
+
+done:
+    BIO_free_all(b64);
+    return outbuf;
 }
 
 unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
                                  const char *in,
                                  size_t *outsize)
 {
-    DEBUG(SSSDBG_CRIT_FAILURE, ("sss_base64_decode not implemented.\n"));
-    return NULL;
+    unsigned char *outbuf = NULL;
+    unsigned char *b64decoded = NULL;
+    unsigned char inbuf[512];
+    char * in_dup;
+    int size, inlen = strlen(in);
+    BIO *bmem, *b64, *bmem_out;
+    TALLOC_CTX *tmp_ctx = NULL;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return NULL;
+    }
+
+    in_dup = talloc_size(tmp_ctx, inlen+1);
+    if (!in_dup) goto done;
+    memcpy(in_dup, in, inlen+1);
+
+    b64 = BIO_new(BIO_f_base64());
+    if (!b64) goto done;
+
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+
+    bmem = BIO_new_mem_buf(in_dup, -1);
+    if (!bmem) {
+        BIO_free(b64);
+        goto done;
+    }
+
+    b64 = BIO_push(b64, bmem);
+
+    bmem_out = BIO_new(BIO_s_mem());
+    if (!bmem_out) {
+        BIO_free_all(b64);
+        goto done;
+    }
+
+    while((inlen = BIO_read(b64, inbuf, 512)) > 0)
+        BIO_write(bmem_out, inbuf, inlen);
+
+    (void) BIO_flush(bmem_out);
+
+    size = BIO_get_mem_data(bmem_out, &b64decoded);
+
+    if (b64decoded) {
+        outbuf = talloc_memdup(mem_ctx, b64decoded, size);
+        if (!outbuf) {
+            BIO_free_all(b64);
+            BIO_free(bmem_out);
+            goto done;
+        }
+
+        *outsize = size;
+    } else {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get decoded data\n"));
+    }
+    BIO_free_all(b64);
+    BIO_free(bmem_out);
+
+done:
+    talloc_free(tmp_ctx);
+    return outbuf;
 }
diff --git a/src/util/crypto/libcrypto/crypto_hmac_sha1.c b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
index 32acd25a..37d25794 100644
--- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c
+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
@@ -1,6 +1,7 @@
 /*
     Authors:
         Jan Cholasta <jcholast@redhat.com>
+        George McCollister <george.mccollister@gmail.com>
 
     Copyright (C) 2012 Red Hat
 
@@ -19,6 +20,11 @@
 */
 
 #include "util/util.h"
+#include "util/crypto/sss_crypto.h"
+
+#include <openssl/evp.h>
+
+#define HMAC_SHA1_BLOCKSIZE 64
 
 int sss_hmac_sha1(const unsigned char *key,
                   size_t key_len,
@@ -26,6 +32,56 @@ int sss_hmac_sha1(const unsigned char *key,
                   size_t in_len,
                   unsigned char *out)
 {
-    DEBUG(SSSDBG_CRIT_FAILURE, ("sss_hmac_sha1 not implemented.\n"));
-    return ENOSYS;
+    int ret;
+    EVP_MD_CTX ctx;
+    unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE];
+    size_t i;
+    unsigned char hash[SSS_SHA1_LENGTH];
+    unsigned int res_len;
+
+    EVP_MD_CTX_init(&ctx);
+
+    if (key_len > HMAC_SHA1_BLOCKSIZE) {
+        /* keys longer than blocksize are shortened */
+        if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+            ret = EIO;
+            goto done;
+        }
+
+        EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len);
+        EVP_DigestFinal_ex(&ctx, ikey, &res_len);
+        memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH);
+    } else {
+        /* keys shorter than blocksize are zero-padded */
+        memcpy(ikey, key, key_len);
+        memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+    }
+
+    /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */
+    for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) {
+        okey[i] = ikey[i] ^ 0x5c;
+        ikey[i] ^= 0x36;
+    }
+
+    if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+        ret = EIO;
+        goto done;
+    }
+
+    EVP_DigestUpdate(&ctx, (const unsigned char *)ikey, HMAC_SHA1_BLOCKSIZE);
+    EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len);
+    EVP_DigestFinal_ex(&ctx, hash, &res_len);
+
+    if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+        ret = EIO;
+        goto done;
+    }
+
+    EVP_DigestUpdate(&ctx, (const unsigned char *)okey, HMAC_SHA1_BLOCKSIZE);
+    EVP_DigestUpdate(&ctx, (const unsigned char *)hash, SSS_SHA1_LENGTH);
+    EVP_DigestFinal_ex(&ctx, out, &res_len);
+    ret = EOK;
+done:
+    EVP_MD_CTX_cleanup(&ctx);
+    return ret;
 }
diff --git a/src/util/crypto/libcrypto/crypto_obfuscate.c b/src/util/crypto/libcrypto/crypto_obfuscate.c
index 026e993c..e303e8c8 100644
--- a/src/util/crypto/libcrypto/crypto_obfuscate.c
+++ b/src/util/crypto/libcrypto/crypto_obfuscate.c
@@ -1,16 +1,297 @@
+/*
+   SSSD
+
+   Password obfuscation logic
+
+   Authors:
+       George McCollister <george.mccollister@gmail.com>
+
+   Copyright (C) George McCollister 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * READ ME:
+ *
+ * Please note that password obfuscation does not improve security in any
+ * way. It is just a mechanism to make the password human-unreadable. If you
+ * need to secure passwords in your application, you should probably take a
+ * look at storing passwords in NSS-backed database.
+ */
+
+#include "config.h"
 #include <talloc.h>
 #include <errno.h>
 
+#include "util/util.h"
 #include "util/crypto/sss_crypto.h"
 
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#define OBF_BUFFER_SENTINEL "\0\1\2\3"
+#define OBF_BUFFER_SENTINEL_SIZE    4
+
+struct crypto_mech_data {
+    const EVP_CIPHER * (*cipher)(void);
+    uint16_t keylen;
+    uint16_t bsize;
+};
+
+static struct crypto_mech_data cmdata[] = {
+    /* AES with automatic padding, 256b key, 128b block */
+    { EVP_aes_256_cbc, 32, 16 },
+    /* sentinel */
+    { 0, 0, 0 }
+};
+
+static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
+{
+    if (meth >= NUM_OBFMETHODS) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported cipher type\n"));
+        return NULL;
+    }
+    return &cmdata[meth];
+}
+
 int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
                          enum obfmethod meth, char **obfpwd)
 {
-    return ENOSYS;
+    int ret;
+    EVP_CIPHER_CTX ctx;
+    struct crypto_mech_data *mech_props;
+    TALLOC_CTX *tmp_ctx = NULL;
+    unsigned char *keybuf;
+    unsigned char *ivbuf;
+    unsigned char *cryptotext;
+    int ct_maxsize;
+    int ctlen = 0;
+    int digestlen = 0;
+    int result_len;
+
+    unsigned char *obfbuf;
+    size_t obufsize = 0;
+    size_t p = 0;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    EVP_CIPHER_CTX_init(&ctx);
+
+    mech_props = get_crypto_mech_data(meth);
+    if (mech_props == NULL) {
+        ret = EINVAL;
+        goto done;
+    }
+
+    keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
+    if (keybuf == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
+    if (ivbuf == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    RAND_bytes(keybuf, mech_props->keylen);
+    RAND_bytes(ivbuf, mech_props->bsize);
+
+    /* cryptotext buffer must be at least len(plaintext)+blocksize */
+    ct_maxsize = plen + (mech_props->bsize);
+    cryptotext = talloc_array(tmp_ctx, unsigned char, ct_maxsize);
+    if (!cryptotext) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    if (!EVP_EncryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Failure to initialize cipher contex\n"));
+        ret = EIO;
+        goto done;
+    }
+
+    /* sample data we'll encrypt and decrypt */
+    if (!EVP_EncryptUpdate(&ctx, cryptotext, &ctlen, (const unsigned char*)password, plen)) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot execute the encryption operation\n"));
+        ret = EIO;
+        goto done;
+    }
+
+    if(!EVP_EncryptFinal_ex(&ctx, cryptotext+ctlen, &digestlen)) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot finialize the encryption operation\n"));
+        ret = EIO;
+        goto done;
+    }
+
+    result_len = ctlen + digestlen;
+
+    /* Pack the obfuscation buffer */
+    /* The buffer consists of:
+     * uint16_t      the type of the cipher
+     * uint32_t      length of the cryptotext in bytes (clen)
+     * uint8_t[klen] key
+     * uint8_t[blen] IV
+     * uint8_t[clen] cryptotext
+     * 4 bytes of "sentinel" denoting end of the buffer
+     */
+    obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
+               mech_props->keylen + mech_props->bsize +
+               result_len + OBF_BUFFER_SENTINEL_SIZE;
+    obfbuf = talloc_array(tmp_ctx, unsigned char, obufsize);
+    if (!obfbuf) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    DEBUG(SSSDBG_TRACE_FUNC, ("Writing method: %d\n", meth));
+    SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
+    DEBUG(SSSDBG_TRACE_FUNC, ("Writing bufsize: %d\n", result_len));
+    SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
+    safealign_memcpy(&obfbuf[p], keybuf, mech_props->keylen, &p);
+    safealign_memcpy(&obfbuf[p], ivbuf, mech_props->bsize, &p);
+    safealign_memcpy(&obfbuf[p], cryptotext, result_len, &p);
+    safealign_memcpy(&obfbuf[p], OBF_BUFFER_SENTINEL,
+                     OBF_BUFFER_SENTINEL_SIZE, &p);
+
+    /* Base64 encode the resulting buffer */
+    *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize);
+    if (*obfpwd == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    return ret;
 }
 
 int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
                          char **password)
 {
-    return ENOSYS;
+    int ret;
+    EVP_CIPHER_CTX ctx;
+    TALLOC_CTX *tmp_ctx = NULL;
+    struct crypto_mech_data *mech_props;
+
+    int plainlen;
+    int digestlen;
+    unsigned char *obfbuf = NULL;
+    size_t obflen;
+    char *pwdbuf;
+
+    /* for unmarshaling data */
+    uint16_t meth;
+    uint16_t ctsize;
+    size_t p = 0;
+    unsigned char *cryptotext;
+    unsigned char *keybuf;
+    unsigned char *ivbuf;
+    unsigned char sentinel_check[OBF_BUFFER_SENTINEL_SIZE];
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    EVP_CIPHER_CTX_init(&ctx);
+
+    /* Base64 decode the incoming buffer */
+    obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen);
+    if (!obfbuf) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    /* unpack obfuscation buffer */
+    SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
+    DEBUG(SSSDBG_TRACE_FUNC, ("Read method: %d\n", meth));
+    SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
+    DEBUG(SSSDBG_TRACE_FUNC, ("Read bufsize: %d\n", ctsize));
+
+    mech_props = get_crypto_mech_data(meth);
+    if (mech_props == NULL) {
+        ret = EINVAL;
+        goto done;
+    }
+
+    /* check that we got sane mechanism properties and cryptotext size */
+    memcpy(sentinel_check,
+           obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
+           OBF_BUFFER_SENTINEL_SIZE);
+    if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Obfuscation buffer seems corrupt, aborting\n"));
+        ret = EFAULT;
+        goto done;
+    }
+
+    /* copy out key, ivbuf and cryptotext */
+    keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
+    if (keybuf == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+    safealign_memcpy(keybuf, obfbuf+p, mech_props->keylen, &p);
+
+    ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
+    if (ivbuf == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+    safealign_memcpy(ivbuf, obfbuf+p, mech_props->bsize, &p);
+
+    cryptotext = talloc_array(tmp_ctx, unsigned char, ctsize);
+    if (cryptotext == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+    safealign_memcpy(cryptotext, obfbuf+p, ctsize, &p);
+
+    pwdbuf = talloc_array(tmp_ctx, char, ctsize);
+    if (!pwdbuf) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    if (!EVP_DecryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
+        ret = EIO;
+        goto done;
+    }
+
+    /* sample data we'll encrypt and decrypt */
+    if (!EVP_DecryptUpdate(&ctx, (unsigned char*)pwdbuf, &plainlen, cryptotext, ctsize)) {
+        ret = EIO;
+        goto done;
+    }
+
+    if(!EVP_DecryptFinal_ex(&ctx, (unsigned char*)pwdbuf+plainlen, &digestlen)) {
+        ret = EIO;
+        goto done;
+    }
+
+    *password = talloc_move(mem_ctx, &pwdbuf);
+    ret = EOK;
+done:
+    talloc_free(tmp_ctx);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    return ret;
 }
diff --git a/src/util/crypto/libcrypto/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
index 50734318..f4c3e0da 100644
--- a/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -10,6 +10,8 @@
 /* SHA512-based Unix crypt implementation.
    Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.  */
 
+#include "config.h"
+
 #include <endian.h>
 #include <errno.h>
 #include <limits.h>
@@ -141,7 +143,6 @@ static int sha512_crypt_r(const char *key,
      * compatibility with existing implementations). */
     EVP_DigestUpdate(&ctx, (const unsigned char *)salt, salt_len);
 
-
     /* Compute alternate SHA512 sum with input KEY, SALT, and KEY.
      * The final result will be added to the first context. */
     if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) {