
sbin/pefs: Use AES128-CTR to encrypt keys in chain database

Add custom AES-CTR implementation until OpenSSL supports CTR mode

NOTE: Backward compatibility is NOT preserved, key chain database should
be recreated
1 parent 4392151 commit 19e43c8451984b2678c359182b2d66a72e47ed5e @glk committed Dec 18, 2010
Showing with 49 additions and 36 deletions.
  1. +4 −3 lib/libpam/modules/pam_pefs/Makefile
  2. +5 −3 sbin/pefs/Makefile
  3. +40 −30 sbin/pefs/pefs_key.c
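--- a/lib/libpam/modules/pam_pefs/Makefile
+++ b/lib/libpam/modules/pam_pefs/Makefile
@@ -9,15 +9,16 @@ MAN= pam_pefs.8
 SRCS= pam_pefs.c
 SRCS+= pefs_key.c pefs_keychain.c pefs_subr.c
 SRCS+= hmac_sha512.c pkcs5v2.c sha2.c
+SRCS+= rijndael-api.c rijndael-api-fst.c rijndael-alg-fst.c
 CFLAGS+= -I${PEFSDIR}
 CFLAGS+= -I${SYS}
-DPADD= ${LIBCRYPTO}
-LDADD= -lcrypto
 DEBUG=-g
 STRIP=
 .include <bsd.lib.mk>
-.PATH: ${PEFSDIR} ${SYS}/geom/eli ${SYS}/crypto/hmac ${SYS}/crypto/sha2
+.PATH: ${PEFSDIR}
+.PATH: ${SYS}/geom/eli
+.PATH: ${SYS}/crypto/hmac ${SYS}/crypto/sha2 ${SYS}/crypto/rijndael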
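--- a/sbin/pefs/Makefile
+++ b/sbin/pefs/Makefile
@@ -1,11 +1,13 @@
 # $FreeBSD$
 SYS= ${.CURDIR}/../../sys
-.PATH: ${SYS}/geom/eli ${SYS}/crypto/hmac ${SYS}/crypto/sha2
+.PATH: ${SYS}/geom/eli
+.PATH: ${SYS}/crypto/hmac ${SYS}/crypto/rijndael ${SYS}/crypto/sha2
 PROG= pefs
 SRCS= pefs_ctl.c pefs_key.c pefs_keychain.c pefs_subr.c
 SRCS+= hmac_sha512.c sha2.c
+SRCS+= rijndael-api.c rijndael-api-fst.c rijndael-alg-fst.c
 SRCS+= pkcs5v2.c
 MAN= pefs.8
@@ -14,8 +16,8 @@ CFLAGS+=-I${SYS}
 WARNS?= 6
 DEBUG_FLAGS+= -g
-DPADD= ${LIBCRYPTO} ${LIBUTIL}
-LDADD= -lcrypto -lutil
+DPADD= ${LIBUTIL}
+LDADD= -lutil
 BINDIR?= /sbin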
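--- a/sbin/pefs/pefs_key.c
+++ b/sbin/pefs/pefs_key.c
@@ -40,13 +40,14 @@ __FBSDID("$FreeBSD$");
 #include <fcntl.h>
 #include <crypto/hmac/hmac_sha512.h>
+#include <crypto/rijndael/rijndael.h>
 #include <fs/pefs/pefs.h>
 #include <geom/eli/pkcs5v2.h>
-#include <openssl/evp.h>
-
 #include "pefs_ctl.h"
+#define AES_BLOCK_SIZE 16
+
 struct algorithm {
 const char *name;
 uint32_t id;
@@ -72,6 +73,34 @@ static struct algorithm algs[] = {
 static char magic_keyid_info[] = "<KEY ID>";
 static char magic_enckey_info[] = "<ENCRYPTED KEY>";
+static void
+pefs_aes_ctr(const rijndael_ctx *aes_ctx, const uint8_t *iv,
+ const uint8_t *plaintext, uint8_t *ciphertext, int len)
+{
+ uint8_t ctr[AES_BLOCK_SIZE];
+ uint8_t block[AES_BLOCK_SIZE];
+ int l, i;
+
+ if (iv != NULL)
+ memcpy(ctr, iv, sizeof(ctr));
+ else
+ bzero(ctr, sizeof(ctr));
+
+ while (len > 0) {
+ rijndael_encrypt(aes_ctx, ctr, block);
+ l = (len < AES_BLOCK_SIZE ? len : AES_BLOCK_SIZE);
+ for (i = 0; i < l; i++)
+ *(ciphertext++) = block[i] ^ *(plaintext++);
+ /* Increment counter */
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ ctr[i]++;
+ if (ctr[i] != 0)
+ break;
+ }
+ len -= l;
+ }
+}
+
 const char *
 pefs_alg_name(struct pefs_xkey *xk)
 {
@@ -285,15 +314,13 @@ static int
 pefs_key_cipher(struct pefs_xkeyenc *xe, int enc,
 const struct pefs_xkey *xk_parent)
 {
- const int keysize = 128 / 8;
- const int datasize = sizeof(xe->a);
 struct hmac_sha512_ctx hmac_ctx;
- u_char *data = (u_char *) &xe->a;
- EVP_CIPHER_CTX ctx;
- u_char key[PEFS_KEY_SIZE];
- u_char iv[PEFS_KEY_SIZE];
- u_char mac[PEFS_KEYENC_MAC_SIZE];
- int outsize;
+ rijndael_ctx enc_ctx;
+ uint8_t key[PEFS_KEY_SIZE];
+ uint8_t mac[PEFS_KEYENC_MAC_SIZE];
+ uint8_t *data = (uint8_t *) &xe->a;
+ const int datasize = sizeof(xe->a);
+ const int keysize = 128 / 8;
 bzero(key, PEFS_KEY_SIZE);
 hmac_sha512_init(&hmac_ctx, xk_parent->pxk_key, PEFS_KEY_SIZE);
@@ -311,27 +338,10 @@ pefs_key_cipher(struct pefs_xkeyenc *xe, int enc,
 return (PEFS_ERR_INVALID);
 }
- EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, EVP_aes_128_cfb(), NULL, NULL, NULL, enc);
- EVP_CIPHER_CTX_set_key_length(&ctx, keysize);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
- bzero(iv, sizeof(iv));
- EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, enc);
+ rijndael_set_key(&enc_ctx, key, keysize * 8);
+ pefs_aes_ctr(&enc_ctx, NULL, data, data, datasize);
 bzero(key, sizeof(key));
-
- if (EVP_CipherUpdate(&ctx, data, &outsize, data, datasize) == 0) {
- EVP_CIPHER_CTX_cleanup(&ctx);
- return (PEFS_ERR_INVALID);
- }
- assert(outsize == (int)datasize);
-
- if (EVP_CipherFinal_ex(&ctx, data + outsize, &outsize) == 0) {
- EVP_CIPHER_CTX_cleanup(&ctx);
- return (PEFS_ERR_INVALID);
- }
- assert(outsize == 0);
-
- EVP_CIPHER_CTX_cleanup(&ctx);
+ bzero(&enc_ctx, sizeof(enc_ctx));
 if (enc) {
 hmac_sha512_update(&hmac_ctx, data, datasize);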
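Review bot: In the last hunk `pefs_aes_ctr(&enc_ctx, NULL, data, data, datasize)` always starts from an all-zero counter block, which in CTR mode is safe only if the AES key is never used to encrypt a second record. The lines that derive `key` fall between the hunks and are not shown, but the visible `hmac_sha512_init(&hmac_ctx, xk_parent->pxk_key, PEFS_KEY_SIZE)` suggests it depends only on the parent key; if so, every chain entry stored under one parent shares a keystream, and the XOR of two stored entries equals the XOR of their plaintext keys. Since this commit already breaks the database format, a random per-entry IV stored with the record and covered by the HMAC could be passed instead of `NULL`; at minimum pefs_aes_ctr should carry `/* iv == NULL selects a zero counter: the key must be unique per message */`. Separately, `block` and `ctr` in pefs_aes_ctr hold keystream material and are not cleared before return, and the plain `bzero()` calls on `key` and `enc_ctx` may be elided by an optimizing compiler.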
