summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/wee-secure.c140
-rw-r--r--src/core/wee-secure.h3
-rw-r--r--tests/unit/core/test-core-secure.cpp121
3 files changed, 241 insertions, 23 deletions
diff --git a/src/core/wee-secure.c b/src/core/wee-secure.c
index 39b09aa90..18a8ee52b 100644
--- a/src/core/wee-secure.c
+++ b/src/core/wee-secure.c
@@ -66,6 +66,104 @@ int secure_data_encrypted = 0;
/*
+ * Computes hash of data, as binary buffer.
+ *
+ * Note: "*hash" must be freed after use.
+ */
+
+void
+secure_hash_binary (const char *data, int length_data, int hash_algo,
+ char **hash, int *length_hash)
+{
+ gcry_md_hd_t *hd_md;
+ int hd_md_opened;
+ unsigned char *ptr_hash;
+
+ if (!hash || !length_hash)
+ return;
+
+ hd_md = NULL;
+ hd_md_opened = 0;
+ *hash = NULL;
+ *length_hash = 0;
+
+ if (!data || (length_data < 1))
+ goto hash_binary_end;
+
+ hd_md = malloc (sizeof (gcry_md_hd_t));
+ if (!hd_md)
+ goto hash_binary_end;
+
+ if (gcry_md_open (hd_md, hash_algo, 0) != 0)
+ goto hash_binary_end;
+
+ hd_md_opened = 1;
+
+ gcry_md_write (*hd_md, data, length_data);
+ ptr_hash = gcry_md_read (*hd_md, hash_algo);
+ if (!ptr_hash)
+ goto hash_binary_end;
+
+ *length_hash = gcry_md_get_algo_dlen (hash_algo);
+ *hash = malloc (*length_hash);
+ if (!*hash)
+ {
+ *length_hash = 0;
+ goto hash_binary_end;
+ }
+ memcpy (*hash, ptr_hash, *length_hash);
+
+hash_binary_end:
+ if (hd_md)
+ {
+ if (hd_md_opened)
+ gcry_md_close (*hd_md);
+ free (hd_md);
+ }
+}
+
+/*
+ * Computes hash of data, as text (string with hexadecimal).
+ *
+ * Returns a string with the hash as hexadecimal, NULL if error.
+ *
+ * Note: result must be freed after use.
+ */
+
+char *
+secure_hash (const char *data, int length_data, int hash_algo)
+{
+ char *hash, *result;
+ int length_hash, i;
+ const char *hexa = "0123456789abcdef";
+
+ hash = NULL;
+ length_hash = 0;
+ result = NULL;
+
+ secure_hash_binary (data, length_data, hash_algo, &hash, &length_hash);
+ if (!hash || (length_hash < 1))
+ goto hash_end;
+
+ result = malloc (((length_hash) * 2) + 1);
+ if (!result)
+ goto hash_end;
+
+ for (i = 0; i < length_hash; i++)
+ {
+ result[i * 2] = hexa[(hash[i] & 0xFF) / 16];
+ result[(i * 2) + 1] = hexa[(hash[i] & 0xFF) % 16];
+ }
+ result[(length_hash * 2)] = '\0';
+
+hash_end:
+ if (hash)
+ free (hash);
+
+ return result;
+}
+
+/*
* Derives a key from salt + passphrase (using a hash).
*
* Returns:
@@ -187,7 +285,7 @@ secure_encrypt_data (const char *data, int length_data,
length_key = gcry_cipher_get_algo_keylen (cipher);
key = malloc (length_key);
if (!key)
- goto encend;
+ goto encrypt_end;
if (CONFIG_BOOLEAN(secure_config_crypt_salt))
gcry_randomize (salt, SECURE_SALT_SIZE, GCRY_STRONG_RANDOM);
else
@@ -202,14 +300,14 @@ secure_encrypt_data (const char *data, int length_data,
if (!secure_derive_key (salt, passphrase, key, length_key))
{
rc = -2;
- goto encend;
+ goto encrypt_end;
}
/* compute hash of data */
if (gcry_md_open (hd_md, hash_algo, 0) != 0)
{
rc = -3;
- goto encend;
+ goto encrypt_end;
}
hd_md_opened = 1;
length_hash = gcry_md_get_algo_dlen (hash_algo);
@@ -218,14 +316,14 @@ secure_encrypt_data (const char *data, int length_data,
if (!ptr_hash)
{
rc = -3;
- goto encend;
+ goto encrypt_end;
}
/* build a buffer with hash + data */
length_hash_data = length_hash + length_data;
hash_and_data = malloc (length_hash_data);
if (!hash_and_data)
- goto encend;
+ goto encrypt_end;
memcpy (hash_and_data, ptr_hash, length_hash);
memcpy (hash_and_data + length_hash, data, length_data);
@@ -233,32 +331,32 @@ secure_encrypt_data (const char *data, int length_data,
if (gcry_cipher_open (hd_cipher, cipher, GCRY_CIPHER_MODE_CFB, 0) != 0)
{
rc = -4;
- goto encend;
+ goto encrypt_end;
}
hd_cipher_opened = 1;
if (gcry_cipher_setkey (*hd_cipher, key, length_key) != 0)
{
rc = -5;
- goto encend;
+ goto encrypt_end;
}
if (gcry_cipher_encrypt (*hd_cipher, hash_and_data, length_hash_data,
NULL, 0) != 0)
{
rc = -6;
- goto encend;
+ goto encrypt_end;
}
/* create buffer and copy salt + encrypted hash/data into this buffer*/
*length_encrypted = SECURE_SALT_SIZE + length_hash_data;
*encrypted = malloc (*length_encrypted);
if (!*encrypted)
- goto encend;
+ goto encrypt_end;
memcpy (*encrypted, salt, SECURE_SALT_SIZE);
memcpy (*encrypted + SECURE_SALT_SIZE, hash_and_data, length_hash_data);
rc = 0;
-encend:
+encrypt_end:
if (hd_md)
{
if (hd_md_opened)
@@ -347,27 +445,27 @@ secure_decrypt_data (const char *buffer, int length_buffer,
length_key = gcry_cipher_get_algo_keylen (cipher);
key = malloc (length_key);
if (!key)
- goto decend;
+ goto decrypt_end;
if (!secure_derive_key (buffer, passphrase, key, length_key))
{
rc = -3;
- goto decend;
+ goto decrypt_end;
}
/* decrypt hash + data */
decrypted_hash_data = malloc (length_buffer - SECURE_SALT_SIZE);
if (!decrypted_hash_data)
- goto decend;
+ goto decrypt_end;
if (gcry_cipher_open (hd_cipher, cipher, GCRY_CIPHER_MODE_CFB, 0) != 0)
{
rc = -4;
- goto decend;
+ goto decrypt_end;
}
hd_cipher_opened = 1;
if (gcry_cipher_setkey (*hd_cipher, key, length_key) != 0)
{
rc = -5;
- goto decend;
+ goto decrypt_end;
}
if (gcry_cipher_decrypt (*hd_cipher,
decrypted_hash_data,
@@ -376,14 +474,14 @@ secure_decrypt_data (const char *buffer, int length_buffer,
length_buffer - SECURE_SALT_SIZE) != 0)
{
rc = -6;
- goto decend;
+ goto decrypt_end;
}
/* check if hash is OK for decrypted data */
if (gcry_md_open (hd_md, hash_algo, 0) != 0)
{
rc = -7;
- goto decend;
+ goto decrypt_end;
}
hd_md_opened = 1;
gcry_md_write (*hd_md, decrypted_hash_data + length_hash,
@@ -392,25 +490,25 @@ secure_decrypt_data (const char *buffer, int length_buffer,
if (!ptr_hash)
{
rc = -7;
- goto decend;
+ goto decrypt_end;
}
if (memcmp (ptr_hash, decrypted_hash_data, length_hash) != 0)
{
rc = -8;
- goto decend;
+ goto decrypt_end;
}
/* return the decrypted data */
*length_decrypted = length_buffer - SECURE_SALT_SIZE - length_hash;
*decrypted = malloc (*length_decrypted);
if (!*decrypted)
- goto decend;
+ goto decrypt_end;
memcpy (*decrypted, decrypted_hash_data + length_hash, *length_decrypted);
rc = 0;
-decend:
+decrypt_end:
if (hd_md)
{
if (hd_md_opened)
diff --git a/src/core/wee-secure.h b/src/core/wee-secure.h
index 884fad8ca..303e0c9e5 100644
--- a/src/core/wee-secure.h
+++ b/src/core/wee-secure.h
@@ -55,6 +55,9 @@ extern int secure_cipher[];
extern int secure_data_encrypted;
extern char *secure_decrypt_error[];
+extern void secure_hash_binary (const char *data, int length_data,
+ int hash_algo, char **hash, int *length_hash);
+extern char *secure_hash (const char *data, int length_data, int hash_algo);
extern int secure_encrypt_data (const char *data, int length_data,
int hash_algo, int cipher,
const char *passphrase, char **encrypted,
diff --git a/tests/unit/core/test-core-secure.cpp b/tests/unit/core/test-core-secure.cpp
index b59cb7fca..ecb525025 100644
--- a/tests/unit/core/test-core-secure.cpp
+++ b/tests/unit/core/test-core-secure.cpp
@@ -24,13 +24,77 @@
extern "C"
{
#include <string.h>
+#include <gcrypt.h>
#include "src/core/wee-secure.h"
+#include "src/core/wee-string.h"
}
+#define DATA_HASH "this is a test of hash function"
+#define DATA_HASH_MD5 "1197d121af621ac6a63cb8ef6b5dfa30"
+#define DATA_HASH_SHA1 "799d818061175b400dc5aaeb14b8d32cdef32ff0"
+#define DATA_HASH_SHA224 "637d21f3ba3f4e9fa9fb889dc990b31a658cb37b4aefb5144" \
+ "70b016d"
+#define DATA_HASH_SHA256 "b9a4c3393dfac4330736684510378851e581c68add8eca841" \
+ "10c31a33e694676"
+#define DATA_HASH_SHA384 "42853280be9b8409eed265f272bd580e2fbd448b7c7e236c7" \
+ "f37dafec7906d51d982dc84ec70a4733eca49d86ac19455"
+#define DATA_HASH_SHA512 "4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe0" \
+ "58255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a" \
+ "1e6b8ae6e"
+#define DATA_HASH_SHA3_224 "26432a3a4ea998790be43386b1de417f88be43146a4af98" \
+ "2a9627d10"
+#define DATA_HASH_SHA3_256 "226e3830306711cf653c1661765c304b37038e7457c35dd" \
+ "14fca0f6a8ba1d2e3"
+#define DATA_HASH_SHA3_384 "77bc16f89c102efc783ddeccc71862fe919b66e1aaa88bd" \
+ "2ba5f0bbe604fcb86c68f0e401d5d553597366cdd400595ba"
+#define DATA_HASH_SHA3_512 "31dfb5fc8f30ac7007acddc4fce562d408706833d0d2af2" \
+ "e5f61a179099592927ff7d100e278406c7f98d42575001e26e153b135c21f7ef5b00c8" \
+ "cef93ca048d"
#define SECURE_PASSPHRASE "this_is_a_secret_passphrase"
#define SECURE_PASSWORD "this_is_a_secret_password"
#define TOTP_SECRET "secretpasswordbase32"
+#define WEE_CHECK_HASH_BIN(__result, __buffer, __length, __hash_algo) \
+ if (__result) \
+ { \
+ result_bin = (char *)malloc (4096); \
+ length_bin = string_base16_decode (__result, \
+ (char *)result_bin); \
+ } \
+ else \
+ { \
+ result_bin = NULL; \
+ length_bin = 0; \
+ } \
+ secure_hash_binary (__buffer, __length, __hash_algo, \
+ &hash_bin, &length_hash_bin); \
+ if (__result == NULL) \
+ { \
+ POINTERS_EQUAL(NULL, hash_bin); \
+ } \
+ else \
+ { \
+ MEMCMP_EQUAL(result_bin, hash_bin, length_hash_bin); \
+ } \
+ LONGS_EQUAL(length_bin, length_hash_bin); \
+ if (result_bin) \
+ free (result_bin); \
+ if (hash_bin) \
+ free (hash_bin);
+
+#define WEE_CHECK_HASH_HEX(__result, __buffer, __length, __hash_algo) \
+ hash = secure_hash (__buffer, __length, __hash_algo); \
+ if (__result == NULL) \
+ { \
+ POINTERS_EQUAL(NULL, hash); \
+ } \
+ else \
+ { \
+ STRCMP_EQUAL(__result, hash); \
+ } \
+ if (hash) \
+ free (hash);
+
#define WEE_CHECK_TOTP_GENERATE(__result, __secret, __time, __digits) \
totp = secure_totp_generate (__secret, __time, __digits); \
if (__result == NULL) \
@@ -40,8 +104,10 @@ extern "C"
else \
{ \
STRCMP_EQUAL(__result, totp); \
- free (totp); \
- }
+ } \
+ if (totp) \
+ free (totp);
+
#define WEE_CHECK_TOTP_VALIDATE(__result, __secret, __time, __window, \
__otp) \
LONGS_EQUAL(__result, secure_totp_validate (__secret, __time, \
@@ -53,6 +119,57 @@ TEST_GROUP(CoreSecure)
/*
* Tests functions:
+ * secure_hash_binary
+ * secure_hash
+ */
+
+TEST(CoreSecure, Hash)
+{
+ const char *data = DATA_HASH;
+ char *result_bin, *hash_bin, *hash;
+ int length, length_bin, length_hash_bin;
+
+ length = strlen (data);
+
+ WEE_CHECK_HASH_BIN(NULL, NULL, 0, 0);
+ WEE_CHECK_HASH_HEX(NULL, NULL, 0, 0);
+
+ WEE_CHECK_HASH_BIN(NULL, "test", 0, 0);
+ WEE_CHECK_HASH_HEX(NULL, "test", 0, 0);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_MD5, data, length, GCRY_MD_MD5);
+ WEE_CHECK_HASH_HEX(DATA_HASH_MD5, data, length, GCRY_MD_MD5);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA1, data, length, GCRY_MD_SHA1);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA1, data, length, GCRY_MD_SHA1);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA224, data, length, GCRY_MD_SHA224);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA224, data, length, GCRY_MD_SHA224);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA256, data, length, GCRY_MD_SHA256);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA256, data, length, GCRY_MD_SHA256);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA384, data, length, GCRY_MD_SHA384);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA384, data, length, GCRY_MD_SHA384);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA512, data, length, GCRY_MD_SHA512);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA512, data, length, GCRY_MD_SHA512);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_224, data, length, GCRY_MD_SHA3_224);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_224, data, length, GCRY_MD_SHA3_224);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_256, data, length, GCRY_MD_SHA3_256);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_256, data, length, GCRY_MD_SHA3_256);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_384, data, length, GCRY_MD_SHA3_384);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_384, data, length, GCRY_MD_SHA3_384);
+
+ WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_512, data, length, GCRY_MD_SHA3_512);
+ WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_512, data, length, GCRY_MD_SHA3_512);
+}
+
+/*
+ * Tests functions:
* secure_encrypt_data
* secure_decrypt_data
*/