ITS#7278 SHA-2: Add support salted SHA-2 password hashes

Support {SSHA256}, {SSHA384} and {SSHA512} hash schemes

contrib/slapd-modules/passwd/sha2/README

-SHA-512 OpenLDAP support
-------------------------
+SHA-2 OpenLDAP support
+----------------------
 
-slapd-sha2.c provides support for SHA-512, SHA-384 and SHA-256 hashed passwords in
-OpenLDAP. For instance, one could have the LDAP attribute:
+slapd-sha2.c provides support for SSHA-512, SSHA-384, SSHA-256,
+SHA-512, SHA-384 and SHA-256 hashed passwords in OpenLDAP. For
+instance, one could have the LDAP attribute:
 
 userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
 
@@ -41,13 +42,14 @@ moduleload ...path/to/slapd-sha2.so
 Configuring
 -----------
 
-The {SHA256}, {SHA384} and {SHA512} password schemes should now be recognised.
+The {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384} and {SHA512}
+password schemes should now be recognised.
 
 You can also tell OpenLDAP to use one of these new schemes when processing LDAP
 Password Modify Extended Operations, thanks to the password-hash option in
 slapd.conf. For example:
 
-password-hash	{SHA256}
+password-hash	{SSHA512}
 
 
 Testing
@@ -57,7 +59,7 @@ A quick way to test whether it's working is to customize the rootdn and
 rootpw in slapd.conf, eg:
 
 rootdn          "cn=admin,dc=example,dc=com"
-# This encrypts the string 'secret' 
+# This encrypts the string 'secret'
 
 rootpw  {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
 
@@ -74,7 +76,7 @@ $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
 $ echo -n "secret" | openssl dgst -sha384 -binary | openssl enc -base64
 WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
-$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64   
+$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64
 vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm
 W192CF5bDufKRpayrW/isg==
 
@@ -83,22 +85,18 @@ W192CF5bDufKRpayrW/isg==
 
 
 Alternatively we could modify an existing user's password with
-ldapmodify, and then test binding as that user:
+ldappasswd, and then test binding as that user:
 
-$ ldapmodify -D "cn=admin,dc=example,dc=com" -x -W
-Enter LDAP Password: 
-dn: uid=jturner,ou=People,dc=example,dc=com
-changetype: modify 
-replace: userPassword
-userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
-
-modifying entry "uid=jturner,ou=People,dc=example,dc=com"
+$ ldappasswd -D "cn=admin,dc=example,dc=com" -x -W -S uid=jturner,ou=People,dc=example,dc=com
+New password: secret
+Re-enter new password: secret
+Enter LDAP Password: <cn=admin's password>
 
 $ ldapsearch -b "dc=example,dc=com" -D "uid=jturner,ou=People,dc=example,dc=com" -x -w secret
 
 
-Debugging
----------
+Debugging (SHA-512, SHA-384 and SHA-256 only)
+---------------------------------------------
 
 To see what's going on, recompile with SLAPD_SHA2_DEBUG (use the
 commented-out CCFLAGS in Makefile), and then run slapd from the console
@@ -106,19 +104,17 @@ to see stderr:
 
 $ sudo /etc/init.d/slapd stop
 Stopping OpenLDAP: slapd.
-$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d 256
+$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d stats
 @(#) $OpenLDAP$
         buildd@palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
-/etc/ldap/slapd.conf: line 123: rootdn is always granted unlimited privileges.
-/etc/ldap/slapd.conf: line 140: rootdn is always granted unlimited privileges.
 slapd starting
 ...
 Validating password
-  Password to validate: secret
-  Hashes to: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
-  Stored password scheme: {SHA256}
-  Stored password value: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
-  -> Passwords match
+  Hash scheme:		{SHA256}
+  Password to validate:	secret
+  Password hash:	K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  Stored password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  Result:		match
 conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
 conn=0 op=0 RESULT tag=97 err=0 text=
 conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"

contrib/slapd-modules/passwd/sha2/slapd-sha2.c

@@ -18,8 +18,9 @@
  *
  * Hash methods for passwords generation added by Cédric Delfosse.
  *
- * chk_sha*() replaced with libraries/liblutil/passwd.c:chk_sha1()
- * implementation to fix a race by SATOH Fumiyasu @ OSS Technology, Inc.
+ * SSHA256 / SSHA384 / SSHA512 support added, and chk_sha*() replaced
+ * with libraries/liblutil/passwd.c:chk_sha1() implementation to
+ * fix a race by SATOH Fumiyasu @ OSS Technology, Inc.
  */
 
 #include "portable.h"
@@ -34,6 +35,37 @@
 #include <stdio.h>
 #endif
 
+#define SHA2_SALT_SIZE 8
+
+static int hash_ssha256(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA256_CTX ct;
+	unsigned char hash256[SHA256_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash256;
+	digest.bv_len = sizeof(hash256);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA256_Init(&ct);
+	SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA256_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA256_Final(hash256, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
 static int hash_sha256(
 	const struct berval *scheme,
 	const struct berval *passwd,
@@ -53,6 +85,35 @@ static int hash_sha256(
 	return lutil_passwd_string64(scheme, &digest, hash, NULL);
 }
 
+static int hash_ssha384(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA384_CTX ct;
+	unsigned char hash384[SHA384_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash384;
+	digest.bv_len = sizeof(hash384);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA384_Init(&ct);
+	SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA384_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA384_Final(hash384, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
 static int hash_sha384(
 	const struct berval *scheme,
 	const struct berval *passwd,
@@ -65,9 +126,6 @@ static int hash_sha384(
 	digest.bv_val = (char *) hash384;
 	digest.bv_len = sizeof(hash384);
 
-#ifdef SLAPD_SHA2_DEBUG
-	fprintf(stderr, "hashing password\n");
-#endif
 	SHA384_Init(&ct);
 	SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
 	SHA384_Final(hash384, &ct);
@@ -75,6 +133,35 @@ static int hash_sha384(
 	return lutil_passwd_string64(scheme, &digest, hash, NULL);
 }
 
+static int hash_ssha512(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA512_CTX ct;
+	unsigned char hash512[SHA512_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash512;
+	digest.bv_len = sizeof(hash512);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA512_Init(&ct);
+	SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA512_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA512_Final(hash512, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
 static int hash_sha512(
 	const struct berval *scheme,
 	const struct berval *passwd,
@@ -133,6 +220,50 @@ static void chk_sha_debug(
 }
 #endif
 
+static int chk_ssha256(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA256_CTX SHAcontext;
+	unsigned char SHAdigest[SHA256_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+
+	/* safety check */
+	if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+		LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+	if( rc <= sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA256_Init(&SHAcontext);
+	SHA256_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA256_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA256_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
 static int chk_sha256(
 	const struct berval *scheme, /* Scheme of hashed reference password */
 	const struct berval *passwd, /* Hashed reference password to check against */
@@ -177,6 +308,50 @@ static int chk_sha256(
 	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
 }
 
+static int chk_ssha384(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA384_CTX SHAcontext;
+	unsigned char SHAdigest[SHA384_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+
+	/* safety check */
+	if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+		LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+	if( rc <= sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA384_Init(&SHAcontext);
+	SHA384_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA384_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA384_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
 static int chk_sha384(
 	const struct berval *scheme, /* Scheme of hashed reference password */
 	const struct berval *passwd, /* Hashed reference password to check against */
@@ -221,6 +396,50 @@ static int chk_sha384(
 	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
 }
 
+static int chk_ssha512(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA512_CTX SHAcontext;
+	unsigned char SHAdigest[SHA512_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+
+	/* safety check */
+	if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+		LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+	if( rc <= sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA512_Init(&SHAcontext);
+	SHA512_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA512_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA512_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
 static int chk_sha512(
 	const struct berval *scheme, /* Scheme of hashed reference password */
 	const struct berval *passwd, /* Hashed reference password to check against */
@@ -265,16 +484,25 @@ static int chk_sha512(
 	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
 }
 
+const struct berval ssha256scheme = BER_BVC("{SSHA256}");
 const struct berval sha256scheme = BER_BVC("{SHA256}");
+const struct berval ssha384scheme = BER_BVC("{SSHA384}");
 const struct berval sha384scheme = BER_BVC("{SHA384}");
+const struct berval ssha512scheme = BER_BVC("{SSHA512}");
 const struct berval sha512scheme = BER_BVC("{SHA512}");
 
 int init_module(int argc, char *argv[]) {
 	int result = 0;
+	result = lutil_passwd_add( (struct berval *)&ssha256scheme, chk_ssha256, hash_ssha256 );
+	if (result != 0) return result;
 	result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, hash_sha256 );
 	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&ssha384scheme, chk_ssha384, hash_ssha384 );
+	if (result != 0) return result;
 	result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, hash_sha384 );
 	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&ssha512scheme, chk_ssha512, hash_ssha512 );
+	if (result != 0) return result;
 	result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, hash_sha512 );
 	return result;
 }