12321902803

Committed 13 Dec 2024 07:34PM UTC coverage: 66.359% (+1.6%) from 64.78%

Build # 12321902803

Build Type

Pull #14970

github

Committed by

web-flow

Commit Message

Merge e3a7df61c into 3dfd8e317

Pull Request Pull Request #14970: boost > std optional

Run Details

26084 of 54744 branches covered (47.65%)

Branch coverage included in aggregate %.

14 of 15 new or added lines in 2 files covered. (93.33%)

1863 existing lines in 52 files now uncovered.

85857 of 113946 relevant lines covered (75.35%)

4412729.59 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

72.24

/pdns/credentials.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#include "config.h"

#include <cmath>
#include <stdexcept>

#ifdef HAVE_LIBSODIUM
#include <sodium.h>
#endif

#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/opensslv.h>
#include <openssl/rand.h>
#endif

#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include "base64.hh"
#include "dns_random.hh"
#include "credentials.hh"
#include "misc.hh"

#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
static size_t const pwhash_max_size = 128U; /* maximum size of the output */
static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
static uint64_t const pwhash_max_work_factor = 32768U; /* max N for interactive login purposes */

/* PHC string format, storing N as log2(N) as done by passlib.
   for now we only support one algo but we might have to change that later */
static std::string const pwhash_prefix = "$scrypt$";
static size_t const pwhash_prefix_size = pwhash_prefix.size();
#endif

SensitiveData::SensitiveData(std::string&& data) :
  d_data(std::move(data))
{
  data.clear();
#ifdef HAVE_LIBSODIUM
  sodium_mlock(d_data.data(), d_data.size());
#endif
}

SensitiveData& SensitiveData::operator=(SensitiveData&& rhs) noexcept
{
  d_data = std::move(rhs.d_data);
  rhs.clear();
  return *this;
}

SensitiveData::SensitiveData(size_t bytes)
{
  d_data.resize(bytes);
#ifdef HAVE_LIBSODIUM
  sodium_mlock(d_data.data(), d_data.size());
#endif
}

SensitiveData::~SensitiveData()
{
  clear();
}

void SensitiveData::clear()
{
#ifdef HAVE_LIBSODIUM
  sodium_munlock(d_data.data(), d_data.size());
#endif
  d_data.clear();
}

static std::string hashPasswordInternal([[maybe_unused]] const std::string& password, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
  if (!pctx) {
    throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
  }

  if (EVP_PKEY_derive_init(pctx.get()) <= 0) {
    throw std::runtime_error("Error intializing the scrypt context to hash the supplied password");
  }

  // OpenSSL 3.0 changed the string arg to const unsigned char*, other versions use const char *
#if OPENSSL_VERSION_MAJOR >= 3
  auto passwordData = reinterpret_cast<const char*>(password.data());
#else
  auto passwordData = reinterpret_cast<const unsigned char*>(password.data());
#endif
  if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), passwordData, password.size()) <= 0) {
    throw std::runtime_error("Error adding the password to the scrypt context to hash the supplied password");
  }

  if (EVP_PKEY_CTX_set1_scrypt_salt(pctx.get(), reinterpret_cast<const unsigned char*>(salt.data()), salt.size()) <= 0) {
    throw std::runtime_error("Error adding the salt to the scrypt context to hash the supplied password");
  }

  if (EVP_PKEY_CTX_set_scrypt_N(pctx.get(), workFactor) <= 0) {
    throw std::runtime_error("Error setting the work factor to the scrypt context to hash the supplied password");
  }

  if (EVP_PKEY_CTX_set_scrypt_r(pctx.get(), blockSize) <= 0) {
    throw std::runtime_error("Error setting the block size to the scrypt context to hash the supplied password");
  }

  if (EVP_PKEY_CTX_set_scrypt_p(pctx.get(), parallelFactor) <= 0) {
    throw std::runtime_error("Error setting the parallel factor to the scrypt context to hash the supplied password");
  }

  std::string out;
  out.resize(pwhash_output_size);
  size_t outlen = out.size();

  if (EVP_PKEY_derive(pctx.get(), reinterpret_cast<unsigned char*>(out.data()), &outlen) <= 0 || outlen != pwhash_output_size) {
    throw std::runtime_error("Error deriving the output from the scrypt context to hash the supplied password");
  }

  return out;
#else
  throw std::runtime_error("Hashing support is not available");
#endif
}

static std::string generateRandomSalt()
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  /* generate a random salt */
  std::string salt;
  salt.resize(pwhash_salt_size);

  if (RAND_bytes(reinterpret_cast<unsigned char*>(salt.data()), salt.size()) != 1) {
    throw std::runtime_error("Error while generating a salt to hash the supplied password");
  }

  return salt;
#else
  throw std::runtime_error("Generating a salted password requires scrypt support in OpenSSL, and it is not available");
#endif
}

std::string hashPassword([[maybe_unused]] const std::string& password, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  if (workFactor == 0) {
    throw std::runtime_error("Invalid work factor of " + std::to_string(workFactor) + " passed to hashPassword()");
  }

  std::string result;
  result.reserve(pwhash_max_size);

  result.append(pwhash_prefix);
  result.append("ln=");
  result.append(std::to_string(static_cast<uint64_t>(std::log2(workFactor))));
  result.append(",p=");
  result.append(std::to_string(parallelFactor));
  result.append(",r=");
  result.append(std::to_string(blockSize));
  result.append("$");
  auto salt = generateRandomSalt();
  result.append(Base64Encode(salt));
  result.append("$");

  auto out = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize);

  result.append(Base64Encode(out));

  return result;
#else
  throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
#endif
}

std::string hashPassword([[maybe_unused]] const std::string& password)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
#else
  throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
#endif
}

bool verifyPassword([[maybe_unused]] const std::string& binaryHash, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize, [[maybe_unused]] const std::string& binaryPassword)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
  return constantTimeStringEquals(expected, binaryHash);
#else
  throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
#endif
}

/* parse a hashed password in PHC string format */
static void parseHashed([[maybe_unused]] const std::string& hash, [[maybe_unused]] std::string& salt, [[maybe_unused]] std::string& hashedPassword, [[maybe_unused]] uint64_t& workFactor, [[maybe_unused]] uint64_t& parallelFactor, [[maybe_unused]] uint64_t& blockSize)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  auto parametersEnd = hash.find('$', pwhash_prefix.size());
  if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
    throw std::runtime_error("Invalid hashed password format, no parameters");
  }

  auto parametersStr = hash.substr(pwhash_prefix.size(), parametersEnd);
  std::vector<std::string> parameters;
  parameters.reserve(3);
  stringtok(parameters, parametersStr, ",");
  if (parameters.size() != 3) {
    throw std::runtime_error("Invalid hashed password format, expecting 3 parameters, got " + std::to_string(parameters.size()));
  }

  if (!boost::starts_with(parameters.at(0), "ln=")) {
    throw std::runtime_error("Invalid hashed password format, ln= parameter not found");
  }

  if (!boost::starts_with(parameters.at(1), "p=")) {
    throw std::runtime_error("Invalid hashed password format, p= parameter not found");
  }

  if (!boost::starts_with(parameters.at(2), "r=")) {
    throw std::runtime_error("Invalid hashed password format, r= parameter not found");
  }

  auto saltPos = parametersEnd + 1;
  auto saltEnd = hash.find('$', saltPos);
  if (saltEnd == std::string::npos || saltEnd == hash.size()) {
    throw std::runtime_error("Invalid hashed password format");
  }

  try {
    workFactor = pdns::checked_stoi<uint64_t>(parameters.at(0).substr(3));
    workFactor = static_cast<uint64_t>(1) << workFactor;
    if (workFactor > pwhash_max_work_factor) {
      throw std::runtime_error("Invalid work factor of " + std::to_string(workFactor) + " in hashed password string, maximum is " + std::to_string(pwhash_max_work_factor));
    }

    parallelFactor = pdns::checked_stoi<uint64_t>(parameters.at(1).substr(2));
    blockSize = pdns::checked_stoi<uint64_t>(parameters.at(2).substr(2));

    auto b64Salt = hash.substr(saltPos, saltEnd - saltPos);
    salt.reserve(pwhash_salt_size);
    B64Decode(b64Salt, salt);

    if (salt.size() != pwhash_salt_size) {
      throw std::runtime_error("Invalid salt in hashed password string");
    }

    hashedPassword.reserve(pwhash_output_size);
    B64Decode(hash.substr(saltEnd + 1), hashedPassword);

    if (hashedPassword.size() != pwhash_output_size) {
      throw std::runtime_error("Invalid hash in hashed password string");
    }
  }
  catch (const std::exception& e) {
    throw std::runtime_error("Invalid hashed password format, unable to parse parameters");
  }
#endif
}

bool verifyPassword(const std::string& hash, [[maybe_unused]] const std::string& password)
{
  if (!isPasswordHashed(hash)) {
    return false;
  }

#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  std::string salt;
  std::string hashedPassword;
  uint64_t workFactor = 0;
  uint64_t parallelFactor = 0;
  uint64_t blockSize = 0;
  parseHashed(hash, salt, hashedPassword, workFactor, parallelFactor, blockSize);

  auto expected = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize);

  return constantTimeStringEquals(expected, hashedPassword);
#else
  throw std::runtime_error("Verifying a hashed password requires scrypt support in OpenSSL, and it is not available");
#endif
}

bool isPasswordHashed([[maybe_unused]] const std::string& password)
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
    return false;
  }

  if (!boost::starts_with(password, pwhash_prefix)) {
    return false;
  }

  auto parametersEnd = password.find('$', pwhash_prefix.size());
  if (parametersEnd == std::string::npos || parametersEnd == password.size()) {
    return false;
  }

  size_t parametersSize = parametersEnd - pwhash_prefix.size();
  /* ln=X,p=Y,r=Z */
  if (parametersSize < 12) {
    return false;
  }

  auto saltEnd = password.find('$', parametersEnd + 1);
  if (saltEnd == std::string::npos || saltEnd == password.size()) {
    return false;
  }

  /* the salt is base64 encoded so it has to be larger than that */
  if ((saltEnd - parametersEnd - 1) < pwhash_salt_size) {
    return false;
  }

  /* the hash base64 encoded so it has to be larger than that */
  if ((password.size() - saltEnd - 1) < pwhash_output_size) {
    return false;
  }

  return true;
#else
  return false;
#endif
}

/* if the password is in cleartext and hashing is available,
   the hashed form will be kept in memory */
CredentialsHolder::CredentialsHolder(std::string&& password, bool hashPlaintext) :
  d_credentials(std::move(password))
{
  if (isHashingAvailable()) {
    if (!isPasswordHashed(d_credentials.getString())) {
      if (hashPlaintext) {
        d_salt = generateRandomSalt();
        d_workFactor = s_defaultWorkFactor;
        d_parallelFactor = s_defaultParallelFactor;
        d_blockSize = s_defaultBlockSize;
        d_credentials = SensitiveData(hashPasswordInternal(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize));
        d_isHashed = true;
      }
    }
    else {
      d_wasHashed = true;
      d_isHashed = true;
      std::string hashedPassword;
      parseHashed(d_credentials.getString(), d_salt, hashedPassword, d_workFactor, d_parallelFactor, d_blockSize);
      d_credentials = SensitiveData(std::move(hashedPassword));
    }
  }

  if (!d_isHashed) {
    d_fallbackHashPerturb = dns_random_uint32();
    d_fallbackHash = burtle(reinterpret_cast<const unsigned char*>(d_credentials.getString().data()), d_credentials.getString().size(), d_fallbackHashPerturb);
  }
}

CredentialsHolder::~CredentialsHolder()
{
  d_fallbackHashPerturb = 0;
  d_fallbackHash = 0;
}

bool CredentialsHolder::matches(const std::string& password) const
{
  if (d_isHashed) {
    return verifyPassword(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize, password);
  }
  else {
    uint32_t fallback = burtle(reinterpret_cast<const unsigned char*>(password.data()), password.size(), d_fallbackHashPerturb);
    if (fallback != d_fallbackHash) {
      return false;
    }

    return constantTimeStringEquals(password, d_credentials.getString());
  }
}

bool CredentialsHolder::isHashingAvailable()
{
#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
  return true;
#else
  return false;
#endif
}

#include <csignal>
#include <termios.h>

SensitiveData CredentialsHolder::readFromTerminal()
{
  struct termios term;
  struct termios oterm;
  bool restoreTermSettings = false;
  int termAction = TCSAFLUSH;
#ifdef TCSASOFT
  termAction |= TCSASOFT;
#endif

  FDWrapper input(open("/dev/tty", O_RDONLY));
  if (int(input) != -1) {
    if (tcgetattr(input, &oterm) == 0) {
      memcpy(&term, &oterm, sizeof(term));
      term.c_lflag &= ~(ECHO | ECHONL);
      tcsetattr(input, termAction, &term);
      restoreTermSettings = true;
    }
  }
  else {
    input = FDWrapper(dup(STDIN_FILENO));
    restoreTermSettings = false;
  }

  FDWrapper output(open("/dev/tty", O_WRONLY));
  if (int(output) == -1) {
    output = FDWrapper(dup(STDERR_FILENO));
  }

  struct std::map<int, struct sigaction> signals;
  struct sigaction sa;
  sigemptyset(&sa.sa_mask);
  sa.sa_flags = 0;
  sa.sa_handler = [](int /* s */) {};
  sigaction(SIGALRM, &sa, &signals[SIGALRM]);
  sigaction(SIGHUP, &sa, &signals[SIGHUP]);
  sigaction(SIGINT, &sa, &signals[SIGINT]);
  sigaction(SIGPIPE, &sa, &signals[SIGPIPE]);
  sigaction(SIGQUIT, &sa, &signals[SIGQUIT]);
  sigaction(SIGTERM, &sa, &signals[SIGTERM]);
  sigaction(SIGTSTP, &sa, &signals[SIGTSTP]);
  sigaction(SIGTTIN, &sa, &signals[SIGTTIN]);
  sigaction(SIGTTOU, &sa, &signals[SIGTTOU]);

  std::string buffer;
  /* let's allocate a huge buffer now to prevent reallocation,
     which would leave parts of the buffer around */
  buffer.reserve(512);

  for (;;) {
    char ch = '\0';
    auto got = read(input, &ch, 1);
    if (got == 1 && ch != '\n' && ch != '\r') {
      buffer.push_back(ch);
    }
    else {
      break;
    }
  }

  if (restoreTermSettings) {
    tcsetattr(input, termAction, &oterm);
  }

  for (const auto& sig : signals) {
    sigaction(sig.first, &sig.second, nullptr);
  }

  return SensitiveData(std::move(buffer));
}

1	/*
2	* This file is part of PowerDNS or dnsdist.
3	* Copyright -- PowerDNS.COM B.V. and its contributors
4	*
5	* This program is free software; you can redistribute it and/or modify
6	* it under the terms of version 2 of the GNU General Public License as
7	* published by the Free Software Foundation.
8	*
9	* In addition, for the avoidance of any doubt, permission is granted to
10	* link this program with OpenSSL and to (re)distribute the binaries
11	* produced as the result of such linking.
12	*
13	* This program is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program; if not, write to the Free Software
20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21	*/
22	#include "config.h"
23
24	#include <cmath>
25	#include <stdexcept>
26
27	#ifdef HAVE_LIBSODIUM
28	#include <sodium.h>
29	#endif
30
31	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
32	#include <openssl/evp.h>
33	#include <openssl/kdf.h>
34	#include <openssl/opensslv.h>
35	#include <openssl/rand.h>
36	#endif
37
38	#include <fcntl.h>
39	#include <sys/stat.h>
40	#include <unistd.h>
41
42	#include "base64.hh"
43	#include "dns_random.hh"
44	#include "credentials.hh"
45	#include "misc.hh"
46
47	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)
48	static size_t const pwhash_max_size = 128U; /* maximum size of the output */
49	static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
50	static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
51	static uint64_t const pwhash_max_work_factor = 32768U; /* max N for interactive login purposes */
52
53	/* PHC string format, storing N as log2(N) as done by passlib.
54	for now we only support one algo but we might have to change that later */
55	static std::string const pwhash_prefix = "$scrypt$";
56	static size_t const pwhash_prefix_size = pwhash_prefix.size();
57	#endif
58
59	SensitiveData::SensitiveData(std::string&& data) :
60	d_data(std::move(data))
61	{	66✔
62	data.clear();	66✔
63	#ifdef HAVE_LIBSODIUM	60✔
64	sodium_mlock(d_data.data(), d_data.size());	60✔
65	#endif	60✔
66	}	66✔
67
68	SensitiveData& SensitiveData::operator=(SensitiveData&& rhs) noexcept
69	{	9✔
70	d_data = std::move(rhs.d_data);	9✔
71	rhs.clear();	9✔
72	return *this;	9✔
73	}	9✔
74
75	SensitiveData::SensitiveData(size_t bytes)
76	{	3✔
77	d_data.resize(bytes);	3✔
78	#ifdef HAVE_LIBSODIUM	2✔
79	sodium_mlock(d_data.data(), d_data.size());	2✔
80	#endif	2✔
81	}	3✔
82
83	SensitiveData::~SensitiveData()
84	{	21✔
85	clear();	21✔
86	}	21✔
87
88	void SensitiveData::clear()
89	{	33✔
90	#ifdef HAVE_LIBSODIUM	22✔
91	sodium_munlock(d_data.data(), d_data.size());	22✔
92	#endif	22✔
93	d_data.clear();	33✔
94	}	33✔
95
96	static std::string hashPasswordInternal([[maybe_unused]] const std::string& password, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize)
97	{	42✔
98	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	42✔
99	auto pctx = std::unique_ptr<EVP_PKEY_CTX, void ()(EVP_PKEY_CTX)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);	42✔
100	if (!pctx) {	42!
UNCOV 101	throw std::runtime_error("Error getting a scrypt context to hash the supplied password");	×
UNCOV 102	}	×
103
104	if (EVP_PKEY_derive_init(pctx.get()) <= 0) {	42!
UNCOV 105	throw std::runtime_error("Error intializing the scrypt context to hash the supplied password");	×
UNCOV 106	}	×
107
108	// OpenSSL 3.0 changed the string arg to const unsigned char, other versions use const char
109	#if OPENSSL_VERSION_MAJOR >= 3	42✔
110	auto passwordData = reinterpret_cast<const char*>(password.data());	42✔
111	#else
112	auto passwordData = reinterpret_cast<const unsigned char*>(password.data());
113	#endif
114	if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), passwordData, password.size()) <= 0) {	42!
UNCOV 115	throw std::runtime_error("Error adding the password to the scrypt context to hash the supplied password");	×
UNCOV 116	}	×
117
118	if (EVP_PKEY_CTX_set1_scrypt_salt(pctx.get(), reinterpret_cast<const unsigned char*>(salt.data()), salt.size()) <= 0) {	42!
UNCOV 119	throw std::runtime_error("Error adding the salt to the scrypt context to hash the supplied password");	×
UNCOV 120	}	×
121
122	if (EVP_PKEY_CTX_set_scrypt_N(pctx.get(), workFactor) <= 0) {	42!
UNCOV 123	throw std::runtime_error("Error setting the work factor to the scrypt context to hash the supplied password");	×
UNCOV 124	}	×
125
126	if (EVP_PKEY_CTX_set_scrypt_r(pctx.get(), blockSize) <= 0) {	42✔
127	throw std::runtime_error("Error setting the block size to the scrypt context to hash the supplied password");	3✔
128	}	3✔
129
130	if (EVP_PKEY_CTX_set_scrypt_p(pctx.get(), parallelFactor) <= 0) {	39✔
131	throw std::runtime_error("Error setting the parallel factor to the scrypt context to hash the supplied password");	3✔
132	}	3✔
133
134	std::string out;	36✔
135	out.resize(pwhash_output_size);	36✔
136	size_t outlen = out.size();	36✔
137
138	if (EVP_PKEY_derive(pctx.get(), reinterpret_cast<unsigned char*>(out.data()), &outlen) <= 0 \|\| outlen != pwhash_output_size) {	36!
UNCOV 139	throw std::runtime_error("Error deriving the output from the scrypt context to hash the supplied password");	×
UNCOV 140	}	×
141
142	return out;	36✔
143	#else
144	throw std::runtime_error("Hashing support is not available");
145	#endif
146	}	36✔
147
148	static std::string generateRandomSalt()
149	{	15✔
150	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	15✔
151	/* generate a random salt */
152	std::string salt;	15✔
153	salt.resize(pwhash_salt_size);	15✔
154
155	if (RAND_bytes(reinterpret_cast<unsigned char*>(salt.data()), salt.size()) != 1) {	15!
UNCOV 156	throw std::runtime_error("Error while generating a salt to hash the supplied password");	×
UNCOV 157	}	×
158
159	return salt;	15✔
160	#else
161	throw std::runtime_error("Generating a salted password requires scrypt support in OpenSSL, and it is not available");
162	#endif
163	}	15✔
164
165	std::string hashPassword([[maybe_unused]] const std::string& password, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize)
166	{	15✔
167	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	15✔
168	if (workFactor == 0) {	15✔
169	throw std::runtime_error("Invalid work factor of " + std::to_string(workFactor) + " passed to hashPassword()");	3✔
170	}	3✔
171
172	std::string result;	12✔
173	result.reserve(pwhash_max_size);	12✔
174
175	result.append(pwhash_prefix);	12✔
176	result.append("ln=");	12✔
177	result.append(std::to_string(static_cast<uint64_t>(std::log2(workFactor))));	12✔
178	result.append(",p=");	12✔
179	result.append(std::to_string(parallelFactor));	12✔
180	result.append(",r=");	12✔
181	result.append(std::to_string(blockSize));	12✔
182	result.append("$");	12✔
183	auto salt = generateRandomSalt();	12✔
184	result.append(Base64Encode(salt));	12✔
185	result.append("$");	12✔
186
187	auto out = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize);	12✔
188
189	result.append(Base64Encode(out));	12✔
190
191	return result;	12✔
192	#else
193	throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
194	#endif
195	}	15✔
196
197	std::string hashPassword([[maybe_unused]] const std::string& password)
198	{	3✔
199	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	3✔
200	return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);	3✔
201	#else
202	throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
203	#endif
204	}	3✔
205
206	bool verifyPassword([[maybe_unused]] const std::string& binaryHash, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize, [[maybe_unused]] const std::string& binaryPassword)
207	{	12✔
208	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	12✔
209	auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);	12✔
210	return constantTimeStringEquals(expected, binaryHash);	12✔
211	#else
212	throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
213	#endif
214	}	12✔
215
216	/* parse a hashed password in PHC string format */
217	static void parseHashed([[maybe_unused]] const std::string& hash, [[maybe_unused]] std::string& salt, [[maybe_unused]] std::string& hashedPassword, [[maybe_unused]] uint64_t& workFactor, [[maybe_unused]] uint64_t& parallelFactor, [[maybe_unused]] uint64_t& blockSize)
218	{	51✔
219	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	51✔
220	auto parametersEnd = hash.find('$', pwhash_prefix.size());	51✔
221	if (parametersEnd == std::string::npos \|\| parametersEnd == hash.size()) {	51!
UNCOV 222	throw std::runtime_error("Invalid hashed password format, no parameters");	×
UNCOV 223	}	×
224
225	auto parametersStr = hash.substr(pwhash_prefix.size(), parametersEnd);	51✔
226	std::vector<std::string> parameters;	51✔
227	parameters.reserve(3);	51✔
228	stringtok(parameters, parametersStr, ",");	51✔
229	if (parameters.size() != 3) {	51✔
230	throw std::runtime_error("Invalid hashed password format, expecting 3 parameters, got " + std::to_string(parameters.size()));	6✔
231	}	6✔
232
233	if (!boost::starts_with(parameters.at(0), "ln=")) {	45✔
234	throw std::runtime_error("Invalid hashed password format, ln= parameter not found");	3✔
235	}	3✔
236
237	if (!boost::starts_with(parameters.at(1), "p=")) {	42✔
238	throw std::runtime_error("Invalid hashed password format, p= parameter not found");	3✔
239	}	3✔
240
241	if (!boost::starts_with(parameters.at(2), "r=")) {	39!
UNCOV 242	throw std::runtime_error("Invalid hashed password format, r= parameter not found");	×
UNCOV 243	}	×
244
245	auto saltPos = parametersEnd + 1;	39✔
246	auto saltEnd = hash.find('$', saltPos);	39✔
247	if (saltEnd == std::string::npos \|\| saltEnd == hash.size()) {	39!
UNCOV 248	throw std::runtime_error("Invalid hashed password format");	×
UNCOV 249	}	×
250
251	try {	39✔
252	workFactor = pdns::checked_stoi<uint64_t>(parameters.at(0).substr(3));	39✔
253	workFactor = static_cast<uint64_t>(1) << workFactor;	39✔
254	if (workFactor > pwhash_max_work_factor) {	39✔
255	throw std::runtime_error("Invalid work factor of " + std::to_string(workFactor) + " in hashed password string, maximum is " + std::to_string(pwhash_max_work_factor));	3✔
256	}	3✔
257
258	parallelFactor = pdns::checked_stoi<uint64_t>(parameters.at(1).substr(2));	36✔
259	blockSize = pdns::checked_stoi<uint64_t>(parameters.at(2).substr(2));	36✔
260
261	auto b64Salt = hash.substr(saltPos, saltEnd - saltPos);	36✔
262	salt.reserve(pwhash_salt_size);	36✔
263	B64Decode(b64Salt, salt);	36✔
264
265	if (salt.size() != pwhash_salt_size) {	36✔
266	throw std::runtime_error("Invalid salt in hashed password string");	6✔
267	}	6✔
268
269	hashedPassword.reserve(pwhash_output_size);	30✔
270	B64Decode(hash.substr(saltEnd + 1), hashedPassword);	30✔
271
272	if (hashedPassword.size() != pwhash_output_size) {	30✔
273	throw std::runtime_error("Invalid hash in hashed password string");	3✔
274	}	3✔
275	}	30✔
276	catch (const std::exception& e) {	39✔
277	throw std::runtime_error("Invalid hashed password format, unable to parse parameters");	21✔
278	}	21✔
279	#endif	39✔
280	}	39✔
281
282	bool verifyPassword(const std::string& hash, [[maybe_unused]] const std::string& password)
283	{	51✔
284	if (!isPasswordHashed(hash)) {	51✔
285	return false;	3✔
286	}	3✔
287
288	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	48✔
289	std::string salt;	48✔
290	std::string hashedPassword;	48✔
291	uint64_t workFactor = 0;	48✔
292	uint64_t parallelFactor = 0;	48✔
293	uint64_t blockSize = 0;	48✔
294	parseHashed(hash, salt, hashedPassword, workFactor, parallelFactor, blockSize);	48✔
295
296	auto expected = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize);	48✔
297
298	return constantTimeStringEquals(expected, hashedPassword);	48✔
299	#else
300	throw std::runtime_error("Verifying a hashed password requires scrypt support in OpenSSL, and it is not available");
301	#endif
302	}	51✔
303
304	bool isPasswordHashed([[maybe_unused]] const std::string& password)
305	{	156✔
306	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	156✔
307	if (password.size() < pwhash_prefix_size \|\| password.size() > pwhash_max_size) {	156✔
308	return false;	26✔
309	}	26✔
310
311	if (!boost::starts_with(password, pwhash_prefix)) {	130✔
312	return false;	46✔
313	}	46✔
314
315	auto parametersEnd = password.find('$', pwhash_prefix.size());	84✔
316	if (parametersEnd == std::string::npos \|\| parametersEnd == password.size()) {	84!
317	return false;	3✔
318	}	3✔
319
320	size_t parametersSize = parametersEnd - pwhash_prefix.size();	81✔
321	/* ln=X,p=Y,r=Z */
322	if (parametersSize < 12) {	81✔
323	return false;	6✔
324	}	6✔
325
326	auto saltEnd = password.find('$', parametersEnd + 1);	75✔
327	if (saltEnd == std::string::npos \|\| saltEnd == password.size()) {	75!
328	return false;	9✔
329	}	9✔
330
331	/* the salt is base64 encoded so it has to be larger than that */
332	if ((saltEnd - parametersEnd - 1) < pwhash_salt_size) {	66✔
333	return false;	3✔
334	}	3✔
335
336	/* the hash base64 encoded so it has to be larger than that */
337	if ((password.size() - saltEnd - 1) < pwhash_output_size) {	63✔
338	return false;	6✔
339	}	6✔
340
341	return true;	57✔
342	#else
343	return false;
344	#endif
345	}	63✔
346
347	/* if the password is in cleartext and hashing is available,
348	the hashed form will be kept in memory */
349	CredentialsHolder::CredentialsHolder(std::string&& password, bool hashPlaintext) :
350	d_credentials(std::move(password))
351	{	57✔
352	if (isHashingAvailable()) {	57!
353	if (!isPasswordHashed(d_credentials.getString())) {	57✔
354	if (hashPlaintext) {	54✔
355	d_salt = generateRandomSalt();	3✔
356	d_workFactor = s_defaultWorkFactor;	3✔
357	d_parallelFactor = s_defaultParallelFactor;	3✔
358	d_blockSize = s_defaultBlockSize;	3✔
359	d_credentials = SensitiveData(hashPasswordInternal(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize));	3✔
360	d_isHashed = true;	3✔
361	}	3✔
362	}	54✔
363	else {	3✔
364	d_wasHashed = true;	3✔
365	d_isHashed = true;	3✔
366	std::string hashedPassword;	3✔
367	parseHashed(d_credentials.getString(), d_salt, hashedPassword, d_workFactor, d_parallelFactor, d_blockSize);	3✔
368	d_credentials = SensitiveData(std::move(hashedPassword));	3✔
369	}	3✔
370	}	57✔
371
372	if (!d_isHashed) {	57✔
373	d_fallbackHashPerturb = dns_random_uint32();	51✔
374	d_fallbackHash = burtle(reinterpret_cast<const unsigned char*>(d_credentials.getString().data()), d_credentials.getString().size(), d_fallbackHashPerturb);	51✔
375	}	51✔
376	}	57✔
377
378	CredentialsHolder::~CredentialsHolder()
379	{	9✔
380	d_fallbackHashPerturb = 0;	9✔
381	d_fallbackHash = 0;	9✔
382	}	9✔
383
384	bool CredentialsHolder::matches(const std::string& password) const
385	{	1,598✔
386	if (d_isHashed) {	1,598✔
387	return verifyPassword(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize, password);	12✔
388	}	12✔
389	else {	1,586✔
390	uint32_t fallback = burtle(reinterpret_cast<const unsigned char*>(password.data()), password.size(), d_fallbackHashPerturb);	1,586✔
391	if (fallback != d_fallbackHash) {	1,586✔
392	return false;	9✔
393	}	9✔
394
395	return constantTimeStringEquals(password, d_credentials.getString());	1,577✔
396	}	1,586✔
397	}	1,598✔
398
399	bool CredentialsHolder::isHashingAvailable()
400	{	60✔
401	#if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT)	60✔
402	return true;	60✔
403	#else
404	return false;
405	#endif
406	}	60✔
407
408	#include <csignal>
409	#include <termios.h>
410
411	SensitiveData CredentialsHolder::readFromTerminal()
412	{	×
413	struct termios term;	×
414	struct termios oterm;	×
415	bool restoreTermSettings = false;	×
416	int termAction = TCSAFLUSH;	×
417	#ifdef TCSASOFT
418	termAction \|= TCSASOFT;
419	#endif
420
421	FDWrapper input(open("/dev/tty", O_RDONLY));	×
422	if (int(input) != -1) {	×
423	if (tcgetattr(input, &oterm) == 0) {	×
424	memcpy(&term, &oterm, sizeof(term));	×
425	term.c_lflag &= ~(ECHO \| ECHONL);	×
426	tcsetattr(input, termAction, &term);	×
427	restoreTermSettings = true;	×
428	}	×
429	}	×
430	else {	×
431	input = FDWrapper(dup(STDIN_FILENO));	×
432	restoreTermSettings = false;	×
433	}	×
434
435	FDWrapper output(open("/dev/tty", O_WRONLY));	×
436	if (int(output) == -1) {	×
437	output = FDWrapper(dup(STDERR_FILENO));	×
438	}	×
439
440	struct std::map<int, struct sigaction> signals;	×
441	struct sigaction sa;	×
442	sigemptyset(&sa.sa_mask);	×
443	sa.sa_flags = 0;	×
444	sa.sa_handler = [](int /* s */) {};	×
445	sigaction(SIGALRM, &sa, &signals[SIGALRM]);	×
446	sigaction(SIGHUP, &sa, &signals[SIGHUP]);	×
447	sigaction(SIGINT, &sa, &signals[SIGINT]);	×
448	sigaction(SIGPIPE, &sa, &signals[SIGPIPE]);	×
449	sigaction(SIGQUIT, &sa, &signals[SIGQUIT]);	×
450	sigaction(SIGTERM, &sa, &signals[SIGTERM]);	×
451	sigaction(SIGTSTP, &sa, &signals[SIGTSTP]);	×
452	sigaction(SIGTTIN, &sa, &signals[SIGTTIN]);	×
453	sigaction(SIGTTOU, &sa, &signals[SIGTTOU]);	×
454
455	std::string buffer;	×
456	/* let's allocate a huge buffer now to prevent reallocation,
457	which would leave parts of the buffer around */
458	buffer.reserve(512);	×
459
460	for (;;) {	×
461	char ch = '\0';	×
462	auto got = read(input, &ch, 1);	×
463	if (got == 1 && ch != '\n' && ch != '\r') {	×
464	buffer.push_back(ch);	×
465	}	×
466	else {	×
467	break;	×
468	}	×
469	}	×
470
471	if (restoreTermSettings) {	×
472	tcsetattr(input, termAction, &oterm);	×
473	}	×
474
475	for (const auto& sig : signals) {	×
476	sigaction(sig.first, &sig.second, nullptr);	×
477	}	×
478
479	return SensitiveData(std::move(buffer));	×
480	}	×

PowerDNS / pdns / 12321902803

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous