From 899f3c994fc2c376aa79732577c17c9f42681c94 Mon Sep 17 00:00:00 2001 From: SATOH Fumiyasu Date: Thu, 24 May 2012 10:23:06 +0900 Subject: [PATCH] ITS#7278 SHA-2: Add support salted SHA-2 password hashes Support {SSHA256}, {SSHA384} and {SSHA512} hash schemes --- contrib/slapd-modules/passwd/sha2/README | 50 ++-- .../slapd-modules/passwd/sha2/slapd-sha2.c | 238 +++++++++++++++++- 2 files changed, 256 insertions(+), 32 deletions(-) diff --git a/contrib/slapd-modules/passwd/sha2/README b/contrib/slapd-modules/passwd/sha2/README index 50054e6807..f63ddc60dd 100644 --- a/contrib/slapd-modules/passwd/sha2/README +++ b/contrib/slapd-modules/passwd/sha2/README @@ -1,8 +1,9 @@ -SHA-512 OpenLDAP support ------------------------- +SHA-2 OpenLDAP support +---------------------- -slapd-sha2.c provides support for SHA-512, SHA-384 and SHA-256 hashed passwords in -OpenLDAP. For instance, one could have the LDAP attribute: +slapd-sha2.c provides support for SSHA-512, SSHA-384, SSHA-256, +SHA-512, SHA-384 and SHA-256 hashed passwords in OpenLDAP. For +instance, one could have the LDAP attribute: userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg== @@ -41,13 +42,14 @@ moduleload ...path/to/slapd-sha2.so Configuring ----------- -The {SHA256}, {SHA384} and {SHA512} password schemes should now be recognised. +The {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384} and {SHA512} +password schemes should now be recognised. You can also tell OpenLDAP to use one of these new schemes when processing LDAP Password Modify Extended Operations, thanks to the password-hash option in slapd.conf. For example: -password-hash {SHA256} +password-hash {SSHA512} Testing @@ -57,7 +59,7 @@ A quick way to test whether it's working is to customize the rootdn and rootpw in slapd.conf, eg: rootdn "cn=admin,dc=example,dc=com" -# This encrypts the string 'secret' +# This encrypts the string 'secret' rootpw {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= @@ -74,7 +76,7 @@ $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= $ echo -n "secret" | openssl dgst -sha384 -binary | openssl enc -base64 WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt -$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64 +$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64 vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm W192CF5bDufKRpayrW/isg== @@ -83,22 +85,18 @@ W192CF5bDufKRpayrW/isg== Alternatively we could modify an existing user's password with -ldapmodify, and then test binding as that user: +ldappasswd, and then test binding as that user: -$ ldapmodify -D "cn=admin,dc=example,dc=com" -x -W -Enter LDAP Password: -dn: uid=jturner,ou=People,dc=example,dc=com -changetype: modify -replace: userPassword -userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg== - -modifying entry "uid=jturner,ou=People,dc=example,dc=com" +$ ldappasswd -D "cn=admin,dc=example,dc=com" -x -W -S uid=jturner,ou=People,dc=example,dc=com +New password: secret +Re-enter new password: secret +Enter LDAP Password: $ ldapsearch -b "dc=example,dc=com" -D "uid=jturner,ou=People,dc=example,dc=com" -x -w secret -Debugging ---------- +Debugging (SHA-512, SHA-384 and SHA-256 only) +--------------------------------------------- To see what's going on, recompile with SLAPD_SHA2_DEBUG (use the commented-out CCFLAGS in Makefile), and then run slapd from the console @@ -106,19 +104,17 @@ to see stderr: $ sudo /etc/init.d/slapd stop Stopping OpenLDAP: slapd. -$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d 256 +$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d stats @(#) $OpenLDAP$ buildd@palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd -/etc/ldap/slapd.conf: line 123: rootdn is always granted unlimited privileges. -/etc/ldap/slapd.conf: line 140: rootdn is always granted unlimited privileges. slapd starting ... Validating password - Password to validate: secret - Hashes to: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= - Stored password scheme: {SHA256} - Stored password value: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= - -> Passwords match + Hash scheme: {SHA256} + Password to validate: secret + Password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= + Stored password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= + Result: match conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0 conn=0 op=0 RESULT tag=97 err=0 text= conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)" diff --git a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c index 63f405089a..99ff7f85ec 100644 --- a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c +++ b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c @@ -18,8 +18,9 @@ * * Hash methods for passwords generation added by Cédric Delfosse. * - * chk_sha*() replaced with libraries/liblutil/passwd.c:chk_sha1() - * implementation to fix a race by SATOH Fumiyasu @ OSS Technology, Inc. + * SSHA256 / SSHA384 / SSHA512 support added, and chk_sha*() replaced + * with libraries/liblutil/passwd.c:chk_sha1() implementation to + * fix a race by SATOH Fumiyasu @ OSS Technology, Inc. */ #include "portable.h" @@ -34,6 +35,37 @@ #include #endif +#define SHA2_SALT_SIZE 8 + +static int hash_ssha256( + const struct berval *scheme, + const struct berval *passwd, + struct berval *hash, + const char **text ) +{ + SHA256_CTX ct; + unsigned char hash256[SHA256_DIGEST_LENGTH]; + char saltdata[SHA2_SALT_SIZE]; + struct berval digest; + struct berval salt; + + digest.bv_val = (char *) hash256; + digest.bv_len = sizeof(hash256); + salt.bv_val = saltdata; + salt.bv_len = sizeof(saltdata); + + if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) { + return LUTIL_PASSWD_ERR; + } + + SHA256_Init(&ct); + SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len); + SHA256_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len); + SHA256_Final(hash256, &ct); + + return lutil_passwd_string64(scheme, &digest, hash, &salt); +} + static int hash_sha256( const struct berval *scheme, const struct berval *passwd, @@ -53,6 +85,35 @@ static int hash_sha256( return lutil_passwd_string64(scheme, &digest, hash, NULL); } +static int hash_ssha384( + const struct berval *scheme, + const struct berval *passwd, + struct berval *hash, + const char **text ) +{ + SHA384_CTX ct; + unsigned char hash384[SHA384_DIGEST_LENGTH]; + char saltdata[SHA2_SALT_SIZE]; + struct berval digest; + struct berval salt; + + digest.bv_val = (char *) hash384; + digest.bv_len = sizeof(hash384); + salt.bv_val = saltdata; + salt.bv_len = sizeof(saltdata); + + if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) { + return LUTIL_PASSWD_ERR; + } + + SHA384_Init(&ct); + SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len); + SHA384_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len); + SHA384_Final(hash384, &ct); + + return lutil_passwd_string64(scheme, &digest, hash, &salt); +} + static int hash_sha384( const struct berval *scheme, const struct berval *passwd, @@ -65,9 +126,6 @@ static int hash_sha384( digest.bv_val = (char *) hash384; digest.bv_len = sizeof(hash384); -#ifdef SLAPD_SHA2_DEBUG - fprintf(stderr, "hashing password\n"); -#endif SHA384_Init(&ct); SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len); SHA384_Final(hash384, &ct); @@ -75,6 +133,35 @@ static int hash_sha384( return lutil_passwd_string64(scheme, &digest, hash, NULL); } +static int hash_ssha512( + const struct berval *scheme, + const struct berval *passwd, + struct berval *hash, + const char **text ) +{ + SHA512_CTX ct; + unsigned char hash512[SHA512_DIGEST_LENGTH]; + char saltdata[SHA2_SALT_SIZE]; + struct berval digest; + struct berval salt; + + digest.bv_val = (char *) hash512; + digest.bv_len = sizeof(hash512); + salt.bv_val = saltdata; + salt.bv_len = sizeof(saltdata); + + if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) { + return LUTIL_PASSWD_ERR; + } + + SHA512_Init(&ct); + SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len); + SHA512_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len); + SHA512_Final(hash512, &ct); + + return lutil_passwd_string64(scheme, &digest, hash, &salt); +} + static int hash_sha512( const struct berval *scheme, const struct berval *passwd, @@ -133,6 +220,50 @@ static void chk_sha_debug( } #endif +static int chk_ssha256( + const struct berval *scheme, /* Scheme of hashed reference password */ + const struct berval *passwd, /* Hashed reference password to check against */ + const struct berval *cred, /* user-supplied password to check */ + const char **text ) +{ + SHA256_CTX SHAcontext; + unsigned char SHAdigest[SHA256_DIGEST_LENGTH]; + int rc; + unsigned char *orig_pass = NULL; + + /* safety check */ + if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) { + return LUTIL_PASSWD_ERR; + } + + /* base64 un-encode password */ + orig_pass = (unsigned char *) ber_memalloc( (size_t) ( + LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) ); + + if( orig_pass == NULL ) return LUTIL_PASSWD_ERR; + + rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len); + + if( rc <= sizeof(SHAdigest) ) { + ber_memfree(orig_pass); + return LUTIL_PASSWD_ERR; + } + + /* hash credentials with salt */ + SHA256_Init(&SHAcontext); + SHA256_Update(&SHAcontext, + (const unsigned char *) cred->bv_val, cred->bv_len); + SHA256_Update(&SHAcontext, + (const unsigned char *) &orig_pass[sizeof(SHAdigest)], + rc - sizeof(SHAdigest)); + SHA256_Final(SHAdigest, &SHAcontext); + + /* compare */ + rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest)); + ber_memfree(orig_pass); + return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; +} + static int chk_sha256( const struct berval *scheme, /* Scheme of hashed reference password */ const struct berval *passwd, /* Hashed reference password to check against */ @@ -177,6 +308,50 @@ static int chk_sha256( return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; } +static int chk_ssha384( + const struct berval *scheme, /* Scheme of hashed reference password */ + const struct berval *passwd, /* Hashed reference password to check against */ + const struct berval *cred, /* user-supplied password to check */ + const char **text ) +{ + SHA384_CTX SHAcontext; + unsigned char SHAdigest[SHA384_DIGEST_LENGTH]; + int rc; + unsigned char *orig_pass = NULL; + + /* safety check */ + if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) { + return LUTIL_PASSWD_ERR; + } + + /* base64 un-encode password */ + orig_pass = (unsigned char *) ber_memalloc( (size_t) ( + LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) ); + + if( orig_pass == NULL ) return LUTIL_PASSWD_ERR; + + rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len); + + if( rc <= sizeof(SHAdigest) ) { + ber_memfree(orig_pass); + return LUTIL_PASSWD_ERR; + } + + /* hash credentials with salt */ + SHA384_Init(&SHAcontext); + SHA384_Update(&SHAcontext, + (const unsigned char *) cred->bv_val, cred->bv_len); + SHA384_Update(&SHAcontext, + (const unsigned char *) &orig_pass[sizeof(SHAdigest)], + rc - sizeof(SHAdigest)); + SHA384_Final(SHAdigest, &SHAcontext); + + /* compare */ + rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest)); + ber_memfree(orig_pass); + return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; +} + static int chk_sha384( const struct berval *scheme, /* Scheme of hashed reference password */ const struct berval *passwd, /* Hashed reference password to check against */ @@ -221,6 +396,50 @@ static int chk_sha384( return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; } +static int chk_ssha512( + const struct berval *scheme, /* Scheme of hashed reference password */ + const struct berval *passwd, /* Hashed reference password to check against */ + const struct berval *cred, /* user-supplied password to check */ + const char **text ) +{ + SHA512_CTX SHAcontext; + unsigned char SHAdigest[SHA512_DIGEST_LENGTH]; + int rc; + unsigned char *orig_pass = NULL; + + /* safety check */ + if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) { + return LUTIL_PASSWD_ERR; + } + + /* base64 un-encode password */ + orig_pass = (unsigned char *) ber_memalloc( (size_t) ( + LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) ); + + if( orig_pass == NULL ) return LUTIL_PASSWD_ERR; + + rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len); + + if( rc <= sizeof(SHAdigest) ) { + ber_memfree(orig_pass); + return LUTIL_PASSWD_ERR; + } + + /* hash credentials with salt */ + SHA512_Init(&SHAcontext); + SHA512_Update(&SHAcontext, + (const unsigned char *) cred->bv_val, cred->bv_len); + SHA512_Update(&SHAcontext, + (const unsigned char *) &orig_pass[sizeof(SHAdigest)], + rc - sizeof(SHAdigest)); + SHA512_Final(SHAdigest, &SHAcontext); + + /* compare */ + rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest)); + ber_memfree(orig_pass); + return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; +} + static int chk_sha512( const struct berval *scheme, /* Scheme of hashed reference password */ const struct berval *passwd, /* Hashed reference password to check against */ @@ -265,16 +484,25 @@ static int chk_sha512( return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; } +const struct berval ssha256scheme = BER_BVC("{SSHA256}"); const struct berval sha256scheme = BER_BVC("{SHA256}"); +const struct berval ssha384scheme = BER_BVC("{SSHA384}"); const struct berval sha384scheme = BER_BVC("{SHA384}"); +const struct berval ssha512scheme = BER_BVC("{SSHA512}"); const struct berval sha512scheme = BER_BVC("{SHA512}"); int init_module(int argc, char *argv[]) { int result = 0; + result = lutil_passwd_add( (struct berval *)&ssha256scheme, chk_ssha256, hash_ssha256 ); + if (result != 0) return result; result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, hash_sha256 ); if (result != 0) return result; + result = lutil_passwd_add( (struct berval *)&ssha384scheme, chk_ssha384, hash_ssha384 ); + if (result != 0) return result; result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, hash_sha384 ); if (result != 0) return result; + result = lutil_passwd_add( (struct berval *)&ssha512scheme, chk_ssha512, hash_ssha512 ); + if (result != 0) return result; result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, hash_sha512 ); return result; } -- 2.39.5