407 lines
13 KiB
Diff
407 lines
13 KiB
Diff
From 3c4949e1436473644836f0c4634b809c7526c43a Mon Sep 17 00:00:00 2001
|
|
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
Date: Thu, 10 Jun 2021 15:32:48 +0200
|
|
Subject: [PATCH 1/3] use encrypted JWTs for storing encrypted cache contents
|
|
|
|
- avoid using static AAD/IV; thanks @niebardzo
|
|
- bump to 2.4.9-dev
|
|
|
|
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
---
|
|
ChangeLog | 4 +
|
|
src/cache/common.c | 331 ++++----------------------------------
|
|
|
|
diff --git a/ChangeLog b/ChangeLog
|
|
index 075f98d..b4ab0a1 100644
|
|
--- a/ChangeLog
|
|
+++ b/ChangeLog
|
|
@@ -1,3 +1,7 @@
|
|
+06/10/2021
|
|
+- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV; thanks @niebardzo
|
|
+- bump to 2.4.9-dev
|
|
+
|
|
09/03/2020
|
|
- add SameSite attribute on cookie clearance / logout; thanks @v0gler
|
|
- bump to 2.4.4.1
|
|
diff --git a/src/cache/common.c b/src/cache/common.c
|
|
index c33876a..e665370 100644
|
|
--- a/src/cache/common.c
|
|
+++ b/src/cache/common.c
|
|
@@ -229,324 +229,59 @@ apr_byte_t oidc_cache_mutex_destroy(server_rec *s, oidc_cache_mutex_t *m) {
|
|
return rv;
|
|
}
|
|
|
|
-#define oidc_cache_crypto_openssl_error(r, fmt, ...) \
|
|
- oidc_error(r, "%s: %s", apr_psprintf(r->pool, fmt, ##__VA_ARGS__), ERR_error_string(ERR_get_error(), NULL))
|
|
-
|
|
-#define OIDC_CACHE_CIPHER EVP_aes_256_gcm()
|
|
-#define OIDC_CACHE_TAG_LEN 16
|
|
-
|
|
-#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER))
|
|
-#define OIDC_CACHE_CRYPTO_GET_TAG EVP_CTRL_AEAD_GET_TAG
|
|
-#define OIDC_CACHE_CRYPTO_SET_TAG EVP_CTRL_AEAD_SET_TAG
|
|
-#define OIDC_CACHE_CRYPTO_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
|
|
-#else
|
|
-#define OIDC_CACHE_CRYPTO_GET_TAG EVP_CTRL_GCM_GET_TAG
|
|
-#define OIDC_CACHE_CRYPTO_SET_TAG EVP_CTRL_GCM_SET_TAG
|
|
-#define OIDC_CACHE_CRYPTO_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
|
|
-#endif
|
|
+#define OIDC_CACHE_CRYPTO_JSON_KEY "c"
|
|
|
|
/*
|
|
- * AES GCM encrypt
|
|
+ * AES GCM encrypt using the crypto passphrase as symmetric key
|
|
*/
|
|
-static int oidc_cache_crypto_encrypt_impl(request_rec *r,
|
|
- unsigned char *plaintext, int plaintext_len, const unsigned char *aad,
|
|
- int aad_len, unsigned char *key, const unsigned char *iv, int iv_len,
|
|
- unsigned char *ciphertext, const unsigned char *tag, int tag_len) {
|
|
- EVP_CIPHER_CTX *ctx;
|
|
-
|
|
- int len;
|
|
-
|
|
- int ciphertext_len;
|
|
-
|
|
- /* create and initialize the context */
|
|
- if (!(ctx = EVP_CIPHER_CTX_new())) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_new");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* initialize the encryption cipher */
|
|
- if (!EVP_EncryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_EncryptInit_ex");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* set IV length */
|
|
- if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_ctrl");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* initialize key and IV */
|
|
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_EncryptInit_ex");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* provide AAD data */
|
|
- if (!EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptUpdate aad: aad_len=%d",
|
|
- aad_len);
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* provide the message to be encrypted and obtain the encrypted output */
|
|
- if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_EncryptUpdate ciphertext");
|
|
- return -1;
|
|
- }
|
|
- ciphertext_len = len;
|
|
-
|
|
- /*
|
|
- * finalize the encryption; normally ciphertext bytes may be written at
|
|
- * this stage, but this does not occur in GCM mode
|
|
- */
|
|
- if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_EncryptFinal_ex");
|
|
- return -1;
|
|
- }
|
|
- ciphertext_len += len;
|
|
-
|
|
- /* get the tag */
|
|
- if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_GET_TAG, tag_len,
|
|
- (void *) tag)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_ctrl");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* clean up */
|
|
- EVP_CIPHER_CTX_free(ctx);
|
|
-
|
|
- return ciphertext_len;
|
|
-}
|
|
-
|
|
-/*
|
|
- * AES GCM decrypt
|
|
- */
|
|
-static int oidc_cache_crypto_decrypt_impl(request_rec *r,
|
|
- unsigned char *ciphertext, int ciphertext_len, const unsigned char *aad,
|
|
- int aad_len, const unsigned char *tag, int tag_len, unsigned char *key,
|
|
- const unsigned char *iv, int iv_len, unsigned char *plaintext) {
|
|
- EVP_CIPHER_CTX *ctx;
|
|
- int len;
|
|
- int plaintext_len;
|
|
- int ret;
|
|
-
|
|
- /* create and initialize the context */
|
|
- if (!(ctx = EVP_CIPHER_CTX_new())) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_new");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* initialize the decryption cipher */
|
|
- if (!EVP_DecryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptInit_ex");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* set IV length */
|
|
- if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_ctrl");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* initialize key and IV */
|
|
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptInit_ex");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* provide AAD data */
|
|
- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptUpdate aad: aad_len=%d",
|
|
- aad_len);
|
|
- return -1;
|
|
- }
|
|
-
|
|
- /* provide the message to be decrypted and obtain the plaintext output */
|
|
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptUpdate ciphertext");
|
|
- return -1;
|
|
- }
|
|
- plaintext_len = len;
|
|
-
|
|
- /* set expected tag value; works in OpenSSL 1.0.1d and later */
|
|
- if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_TAG, tag_len,
|
|
- (void *) tag)) {
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_CIPHER_CTX_ctrl");
|
|
- return -1;
|
|
- }
|
|
+static apr_byte_t oidc_cache_crypto_encrypt(request_rec *r, const char *plaintext, const char *key,
|
|
+ char **result) {
|
|
+ apr_byte_t rv = FALSE;
|
|
+ json_t *json = NULL;
|
|
|
|
- /*
|
|
- * finalize the decryption; a positive return value indicates success,
|
|
- * anything else is a failure - the plaintext is not trustworthy
|
|
- */
|
|
- ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
|
|
+ json = json_object();
|
|
+ json_object_set_new(json, OIDC_CACHE_CRYPTO_JSON_KEY, json_string(plaintext));
|
|
|
|
- /* clean up */
|
|
- EVP_CIPHER_CTX_free(ctx);
|
|
-
|
|
- if (ret > 0) {
|
|
- /* success */
|
|
- plaintext_len += len;
|
|
- return plaintext_len;
|
|
- } else {
|
|
- /* verify failed */
|
|
- oidc_cache_crypto_openssl_error(r, "EVP_DecryptFinal_ex");
|
|
- return -1;
|
|
- }
|
|
-}
|
|
+ rv = oidc_util_jwt_create(r, (const char*) key, json, result);
|
|
|
|
-/*
|
|
- * static AAD value for encryption/decryption
|
|
- */
|
|
-static const unsigned char OIDC_CACHE_CRYPTO_GCM_AAD[] = { 0x4d, 0x23, 0xc3,
|
|
- 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78,
|
|
- 0xde };
|
|
+ if (json)
|
|
+ json_decref(json);
|
|
|
|
-/*
|
|
- * static IV value for encryption/decryption
|
|
- */
|
|
-static const unsigned char OIDC_CACHE_CRYPTO_GCM_IV[] = { 0x00, 0x01, 0x02,
|
|
- 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
|
|
- 0x0f };
|
|
-
|
|
-/*
|
|
- * AES GCM encrypt using the static AAD and IV
|
|
- */
|
|
-static int oidc_cache_crypto_encrypt(request_rec *r, const char *plaintext,
|
|
- unsigned char *key, char **result) {
|
|
- char *encoded = NULL, *p = NULL, *e_tag = NULL;
|
|
- unsigned char *ciphertext = NULL;
|
|
- int plaintext_len, ciphertext_len, encoded_len, e_tag_len;
|
|
- unsigned char tag[OIDC_CACHE_TAG_LEN];
|
|
-
|
|
- /* allocate space for the ciphertext */
|
|
- plaintext_len = strlen(plaintext) + 1;
|
|
- ciphertext = apr_pcalloc(r->pool,
|
|
- (plaintext_len + EVP_CIPHER_block_size(OIDC_CACHE_CIPHER)));
|
|
-
|
|
- ciphertext_len = oidc_cache_crypto_encrypt_impl(r,
|
|
- (unsigned char *) plaintext, plaintext_len,
|
|
- OIDC_CACHE_CRYPTO_GCM_AAD, sizeof(OIDC_CACHE_CRYPTO_GCM_AAD), key,
|
|
- OIDC_CACHE_CRYPTO_GCM_IV, sizeof(OIDC_CACHE_CRYPTO_GCM_IV),
|
|
- ciphertext, tag, sizeof(tag));
|
|
-
|
|
- /* base64url encode the resulting ciphertext */
|
|
- encoded_len = oidc_base64url_encode(r, &encoded, (const char *) ciphertext,
|
|
- ciphertext_len, 1);
|
|
- if (encoded_len > 0) {
|
|
- p = encoded;
|
|
-
|
|
- /* now allocated space for the concatenated base64url encoded ciphertext and tag */
|
|
- encoded = apr_pcalloc(r->pool,
|
|
- encoded_len + 1 + OIDC_CACHE_TAG_LEN + 1);
|
|
- memcpy(encoded, p, encoded_len);
|
|
- p = encoded + encoded_len;
|
|
- *p = OIDC_CHAR_DOT;
|
|
- p++;
|
|
-
|
|
- /* base64url encode the tag and append it in the buffer */
|
|
- e_tag_len = oidc_base64url_encode(r, &e_tag, (const char *) tag,
|
|
- OIDC_CACHE_TAG_LEN, 1);
|
|
- memcpy(p, e_tag, e_tag_len);
|
|
- encoded_len += e_tag_len + 1;
|
|
-
|
|
- /* make sure the result is \0 terminated */
|
|
- encoded[encoded_len] = '\0';
|
|
-
|
|
- *result = encoded;
|
|
- }
|
|
-
|
|
- return encoded_len;
|
|
+ return rv;
|
|
}
|
|
|
|
/*
|
|
- * AES GCM decrypt using the static AAD and IV
|
|
+ * AES GCM decrypt using the crypto passphrase as symmetric key
|
|
*/
|
|
-static int oidc_cache_crypto_decrypt(request_rec *r, const char *cache_value,
|
|
- unsigned char *key, unsigned char **plaintext) {
|
|
+static apr_byte_t oidc_cache_crypto_decrypt(request_rec *r, const char *cache_value,
|
|
+ const char *key, char **plaintext) {
|
|
|
|
- int len = -1;
|
|
+ apr_byte_t rv = FALSE;
|
|
+ json_t *json = NULL;
|
|
|
|
- /* grab the base64url-encoded tag after the "." */
|
|
- char *encoded_tag = strstr(cache_value, ".");
|
|
- if (encoded_tag == NULL) {
|
|
- oidc_error(r,
|
|
- "corrupted cache value: no tag separator found in encrypted value");
|
|
- return FALSE;
|
|
- }
|
|
+ rv = oidc_util_jwt_verify(r, (const char*) key, cache_value, &json);
|
|
+ if (rv == FALSE)
|
|
+ goto end;
|
|
|
|
- /* make sure we don't modify the original string since it may be just a pointer into the cache (shm) */
|
|
- cache_value = apr_pstrmemdup(r->pool, cache_value,
|
|
- strlen(cache_value) - strlen(encoded_tag));
|
|
- encoded_tag++;
|
|
+ rv = oidc_json_object_get_string(r->pool, json, OIDC_CACHE_CRYPTO_JSON_KEY, plaintext, NULL);
|
|
|
|
- /* base64url decode the ciphertext */
|
|
- char *d_bytes = NULL;
|
|
- int d_len = oidc_base64url_decode(r->pool, &d_bytes, cache_value);
|
|
+ end:
|
|
|
|
- /* base64url decode the tag */
|
|
- char *t_bytes = NULL;
|
|
- int t_len = oidc_base64url_decode(r->pool, &t_bytes, encoded_tag);
|
|
+ if (json)
|
|
+ json_decref(json);
|
|
|
|
- /* see if we're still good to go */
|
|
- if ((d_len > 0) && (t_len > 0)) {
|
|
-
|
|
- /* allocated space for the plaintext */
|
|
- *plaintext = apr_pcalloc(r->pool,
|
|
- (d_len + EVP_CIPHER_block_size(OIDC_CACHE_CIPHER) - 1));
|
|
-
|
|
- /* decrypt the ciphertext providing the tag value */
|
|
-
|
|
- len = oidc_cache_crypto_decrypt_impl(r, (unsigned char *) d_bytes,
|
|
- d_len, OIDC_CACHE_CRYPTO_GCM_AAD,
|
|
- sizeof(OIDC_CACHE_CRYPTO_GCM_AAD), (unsigned char *) t_bytes,
|
|
- t_len, key, OIDC_CACHE_CRYPTO_GCM_IV,
|
|
- sizeof(OIDC_CACHE_CRYPTO_GCM_IV), *plaintext);
|
|
-
|
|
- /* check the result and make sure it is \0 terminated */
|
|
- if (len > -1) {
|
|
- (*plaintext)[len] = '\0';
|
|
- } else {
|
|
- *plaintext = NULL;
|
|
- }
|
|
-
|
|
- }
|
|
-
|
|
- return len;
|
|
-}
|
|
-
|
|
-/*
|
|
- * hash the crypto passhphrase so it has enough key length for AES GCM 256
|
|
- */
|
|
-static unsigned char *oidc_cache_hash_passphrase(request_rec *r,
|
|
- const char *passphrase) {
|
|
-
|
|
- unsigned char *key = NULL;
|
|
- unsigned int key_len = 0;
|
|
- oidc_jose_error_t err;
|
|
-
|
|
- if (oidc_jose_hash_bytes(r->pool, OIDC_JOSE_ALG_SHA256,
|
|
- (const unsigned char *) passphrase, strlen(passphrase), &key,
|
|
- &key_len, &err) == FALSE) {
|
|
- oidc_error(r, "oidc_jose_hash_bytes returned an error: %s", err.text);
|
|
- return NULL;
|
|
- }
|
|
-
|
|
- return key;
|
|
+ return rv;
|
|
}
|
|
|
|
/*
|
|
* hash a cache key and a crypto passphrase so the result is suitable as an randomized cache key
|
|
*/
|
|
-static char *oidc_cache_get_hashed_key(request_rec *r, const char *passphrase,
|
|
- const char *key) {
|
|
+static char* oidc_cache_get_hashed_key(request_rec *r, const char *passphrase, const char *key) {
|
|
char *input = apr_psprintf(r->pool, "%s:%s", passphrase, key);
|
|
char *output = NULL;
|
|
- if (oidc_util_hash_string_and_base64url_encode(r, OIDC_JOSE_ALG_SHA256,
|
|
- input, &output) == FALSE) {
|
|
- oidc_error(r,
|
|
- "oidc_util_hash_string_and_base64url_encode returned an error");
|
|
+ if (oidc_util_hash_string_and_base64url_encode(r, OIDC_JOSE_ALG_SHA256, input, &output)
|
|
+ == FALSE) {
|
|
+ oidc_error(r, "oidc_util_hash_string_and_base64url_encode returned an error");
|
|
return NULL;
|
|
}
|
|
return output;
|
|
@@ -588,9 +323,7 @@ apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key,
|
|
goto out;
|
|
}
|
|
|
|
- rc = (oidc_cache_crypto_decrypt(r, cache_value,
|
|
- oidc_cache_hash_passphrase(r, cfg->crypto_passphrase),
|
|
- (unsigned char **) value) > 0);
|
|
+ rc = oidc_cache_crypto_decrypt(r, cache_value, cfg->crypto_passphrase, value);
|
|
|
|
out:
|
|
/* log the result */
|
|
@@ -634,9 +367,7 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
|
|
goto out;
|
|
|
|
if (value != NULL) {
|
|
- if (oidc_cache_crypto_encrypt(r, value,
|
|
- oidc_cache_hash_passphrase(r, cfg->crypto_passphrase),
|
|
- &encoded) <= 0)
|
|
+ if (oidc_cache_crypto_encrypt(r, value, cfg->crypto_passphrase, &encoded) == FALSE)
|
|
goto out;
|
|
value = encoded;
|
|
}
|
|
|