diff options
-rw-r--r-- | src/core/wee-secure.c | 140 | ||||
-rw-r--r-- | src/core/wee-secure.h | 3 | ||||
-rw-r--r-- | tests/unit/core/test-core-secure.cpp | 121 |
3 files changed, 241 insertions, 23 deletions
diff --git a/src/core/wee-secure.c b/src/core/wee-secure.c index 39b09aa90..18a8ee52b 100644 --- a/src/core/wee-secure.c +++ b/src/core/wee-secure.c @@ -66,6 +66,104 @@ int secure_data_encrypted = 0; /* + * Computes hash of data, as binary buffer. + * + * Note: "*hash" must be freed after use. + */ + +void +secure_hash_binary (const char *data, int length_data, int hash_algo, + char **hash, int *length_hash) +{ + gcry_md_hd_t *hd_md; + int hd_md_opened; + unsigned char *ptr_hash; + + if (!hash || !length_hash) + return; + + hd_md = NULL; + hd_md_opened = 0; + *hash = NULL; + *length_hash = 0; + + if (!data || (length_data < 1)) + goto hash_binary_end; + + hd_md = malloc (sizeof (gcry_md_hd_t)); + if (!hd_md) + goto hash_binary_end; + + if (gcry_md_open (hd_md, hash_algo, 0) != 0) + goto hash_binary_end; + + hd_md_opened = 1; + + gcry_md_write (*hd_md, data, length_data); + ptr_hash = gcry_md_read (*hd_md, hash_algo); + if (!ptr_hash) + goto hash_binary_end; + + *length_hash = gcry_md_get_algo_dlen (hash_algo); + *hash = malloc (*length_hash); + if (!*hash) + { + *length_hash = 0; + goto hash_binary_end; + } + memcpy (*hash, ptr_hash, *length_hash); + +hash_binary_end: + if (hd_md) + { + if (hd_md_opened) + gcry_md_close (*hd_md); + free (hd_md); + } +} + +/* + * Computes hash of data, as text (string with hexadecimal). + * + * Returns a string with the hash as hexadecimal, NULL if error. + * + * Note: result must be freed after use. + */ + +char * +secure_hash (const char *data, int length_data, int hash_algo) +{ + char *hash, *result; + int length_hash, i; + const char *hexa = "0123456789abcdef"; + + hash = NULL; + length_hash = 0; + result = NULL; + + secure_hash_binary (data, length_data, hash_algo, &hash, &length_hash); + if (!hash || (length_hash < 1)) + goto hash_end; + + result = malloc (((length_hash) * 2) + 1); + if (!result) + goto hash_end; + + for (i = 0; i < length_hash; i++) + { + result[i * 2] = hexa[(hash[i] & 0xFF) / 16]; + result[(i * 2) + 1] = hexa[(hash[i] & 0xFF) % 16]; + } + result[(length_hash * 2)] = '\0'; + +hash_end: + if (hash) + free (hash); + + return result; +} + +/* * Derives a key from salt + passphrase (using a hash). * * Returns: @@ -187,7 +285,7 @@ secure_encrypt_data (const char *data, int length_data, length_key = gcry_cipher_get_algo_keylen (cipher); key = malloc (length_key); if (!key) - goto encend; + goto encrypt_end; if (CONFIG_BOOLEAN(secure_config_crypt_salt)) gcry_randomize (salt, SECURE_SALT_SIZE, GCRY_STRONG_RANDOM); else @@ -202,14 +300,14 @@ secure_encrypt_data (const char *data, int length_data, if (!secure_derive_key (salt, passphrase, key, length_key)) { rc = -2; - goto encend; + goto encrypt_end; } /* compute hash of data */ if (gcry_md_open (hd_md, hash_algo, 0) != 0) { rc = -3; - goto encend; + goto encrypt_end; } hd_md_opened = 1; length_hash = gcry_md_get_algo_dlen (hash_algo); @@ -218,14 +316,14 @@ secure_encrypt_data (const char *data, int length_data, if (!ptr_hash) { rc = -3; - goto encend; + goto encrypt_end; } /* build a buffer with hash + data */ length_hash_data = length_hash + length_data; hash_and_data = malloc (length_hash_data); if (!hash_and_data) - goto encend; + goto encrypt_end; memcpy (hash_and_data, ptr_hash, length_hash); memcpy (hash_and_data + length_hash, data, length_data); @@ -233,32 +331,32 @@ secure_encrypt_data (const char *data, int length_data, if (gcry_cipher_open (hd_cipher, cipher, GCRY_CIPHER_MODE_CFB, 0) != 0) { rc = -4; - goto encend; + goto encrypt_end; } hd_cipher_opened = 1; if (gcry_cipher_setkey (*hd_cipher, key, length_key) != 0) { rc = -5; - goto encend; + goto encrypt_end; } if (gcry_cipher_encrypt (*hd_cipher, hash_and_data, length_hash_data, NULL, 0) != 0) { rc = -6; - goto encend; + goto encrypt_end; } /* create buffer and copy salt + encrypted hash/data into this buffer*/ *length_encrypted = SECURE_SALT_SIZE + length_hash_data; *encrypted = malloc (*length_encrypted); if (!*encrypted) - goto encend; + goto encrypt_end; memcpy (*encrypted, salt, SECURE_SALT_SIZE); memcpy (*encrypted + SECURE_SALT_SIZE, hash_and_data, length_hash_data); rc = 0; -encend: +encrypt_end: if (hd_md) { if (hd_md_opened) @@ -347,27 +445,27 @@ secure_decrypt_data (const char *buffer, int length_buffer, length_key = gcry_cipher_get_algo_keylen (cipher); key = malloc (length_key); if (!key) - goto decend; + goto decrypt_end; if (!secure_derive_key (buffer, passphrase, key, length_key)) { rc = -3; - goto decend; + goto decrypt_end; } /* decrypt hash + data */ decrypted_hash_data = malloc (length_buffer - SECURE_SALT_SIZE); if (!decrypted_hash_data) - goto decend; + goto decrypt_end; if (gcry_cipher_open (hd_cipher, cipher, GCRY_CIPHER_MODE_CFB, 0) != 0) { rc = -4; - goto decend; + goto decrypt_end; } hd_cipher_opened = 1; if (gcry_cipher_setkey (*hd_cipher, key, length_key) != 0) { rc = -5; - goto decend; + goto decrypt_end; } if (gcry_cipher_decrypt (*hd_cipher, decrypted_hash_data, @@ -376,14 +474,14 @@ secure_decrypt_data (const char *buffer, int length_buffer, length_buffer - SECURE_SALT_SIZE) != 0) { rc = -6; - goto decend; + goto decrypt_end; } /* check if hash is OK for decrypted data */ if (gcry_md_open (hd_md, hash_algo, 0) != 0) { rc = -7; - goto decend; + goto decrypt_end; } hd_md_opened = 1; gcry_md_write (*hd_md, decrypted_hash_data + length_hash, @@ -392,25 +490,25 @@ secure_decrypt_data (const char *buffer, int length_buffer, if (!ptr_hash) { rc = -7; - goto decend; + goto decrypt_end; } if (memcmp (ptr_hash, decrypted_hash_data, length_hash) != 0) { rc = -8; - goto decend; + goto decrypt_end; } /* return the decrypted data */ *length_decrypted = length_buffer - SECURE_SALT_SIZE - length_hash; *decrypted = malloc (*length_decrypted); if (!*decrypted) - goto decend; + goto decrypt_end; memcpy (*decrypted, decrypted_hash_data + length_hash, *length_decrypted); rc = 0; -decend: +decrypt_end: if (hd_md) { if (hd_md_opened) diff --git a/src/core/wee-secure.h b/src/core/wee-secure.h index 884fad8ca..303e0c9e5 100644 --- a/src/core/wee-secure.h +++ b/src/core/wee-secure.h @@ -55,6 +55,9 @@ extern int secure_cipher[]; extern int secure_data_encrypted; extern char *secure_decrypt_error[]; +extern void secure_hash_binary (const char *data, int length_data, + int hash_algo, char **hash, int *length_hash); +extern char *secure_hash (const char *data, int length_data, int hash_algo); extern int secure_encrypt_data (const char *data, int length_data, int hash_algo, int cipher, const char *passphrase, char **encrypted, diff --git a/tests/unit/core/test-core-secure.cpp b/tests/unit/core/test-core-secure.cpp index b59cb7fca..ecb525025 100644 --- a/tests/unit/core/test-core-secure.cpp +++ b/tests/unit/core/test-core-secure.cpp @@ -24,13 +24,77 @@ extern "C" { #include <string.h> +#include <gcrypt.h> #include "src/core/wee-secure.h" +#include "src/core/wee-string.h" } +#define DATA_HASH "this is a test of hash function" +#define DATA_HASH_MD5 "1197d121af621ac6a63cb8ef6b5dfa30" +#define DATA_HASH_SHA1 "799d818061175b400dc5aaeb14b8d32cdef32ff0" +#define DATA_HASH_SHA224 "637d21f3ba3f4e9fa9fb889dc990b31a658cb37b4aefb5144" \ + "70b016d" +#define DATA_HASH_SHA256 "b9a4c3393dfac4330736684510378851e581c68add8eca841" \ + "10c31a33e694676" +#define DATA_HASH_SHA384 "42853280be9b8409eed265f272bd580e2fbd448b7c7e236c7" \ + "f37dafec7906d51d982dc84ec70a4733eca49d86ac19455" +#define DATA_HASH_SHA512 "4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe0" \ + "58255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a" \ + "1e6b8ae6e" +#define DATA_HASH_SHA3_224 "26432a3a4ea998790be43386b1de417f88be43146a4af98" \ + "2a9627d10" +#define DATA_HASH_SHA3_256 "226e3830306711cf653c1661765c304b37038e7457c35dd" \ + "14fca0f6a8ba1d2e3" +#define DATA_HASH_SHA3_384 "77bc16f89c102efc783ddeccc71862fe919b66e1aaa88bd" \ + "2ba5f0bbe604fcb86c68f0e401d5d553597366cdd400595ba" +#define DATA_HASH_SHA3_512 "31dfb5fc8f30ac7007acddc4fce562d408706833d0d2af2" \ + "e5f61a179099592927ff7d100e278406c7f98d42575001e26e153b135c21f7ef5b00c8" \ + "cef93ca048d" #define SECURE_PASSPHRASE "this_is_a_secret_passphrase" #define SECURE_PASSWORD "this_is_a_secret_password" #define TOTP_SECRET "secretpasswordbase32" +#define WEE_CHECK_HASH_BIN(__result, __buffer, __length, __hash_algo) \ + if (__result) \ + { \ + result_bin = (char *)malloc (4096); \ + length_bin = string_base16_decode (__result, \ + (char *)result_bin); \ + } \ + else \ + { \ + result_bin = NULL; \ + length_bin = 0; \ + } \ + secure_hash_binary (__buffer, __length, __hash_algo, \ + &hash_bin, &length_hash_bin); \ + if (__result == NULL) \ + { \ + POINTERS_EQUAL(NULL, hash_bin); \ + } \ + else \ + { \ + MEMCMP_EQUAL(result_bin, hash_bin, length_hash_bin); \ + } \ + LONGS_EQUAL(length_bin, length_hash_bin); \ + if (result_bin) \ + free (result_bin); \ + if (hash_bin) \ + free (hash_bin); + +#define WEE_CHECK_HASH_HEX(__result, __buffer, __length, __hash_algo) \ + hash = secure_hash (__buffer, __length, __hash_algo); \ + if (__result == NULL) \ + { \ + POINTERS_EQUAL(NULL, hash); \ + } \ + else \ + { \ + STRCMP_EQUAL(__result, hash); \ + } \ + if (hash) \ + free (hash); + #define WEE_CHECK_TOTP_GENERATE(__result, __secret, __time, __digits) \ totp = secure_totp_generate (__secret, __time, __digits); \ if (__result == NULL) \ @@ -40,8 +104,10 @@ extern "C" else \ { \ STRCMP_EQUAL(__result, totp); \ - free (totp); \ - } + } \ + if (totp) \ + free (totp); + #define WEE_CHECK_TOTP_VALIDATE(__result, __secret, __time, __window, \ __otp) \ LONGS_EQUAL(__result, secure_totp_validate (__secret, __time, \ @@ -53,6 +119,57 @@ TEST_GROUP(CoreSecure) /* * Tests functions: + * secure_hash_binary + * secure_hash + */ + +TEST(CoreSecure, Hash) +{ + const char *data = DATA_HASH; + char *result_bin, *hash_bin, *hash; + int length, length_bin, length_hash_bin; + + length = strlen (data); + + WEE_CHECK_HASH_BIN(NULL, NULL, 0, 0); + WEE_CHECK_HASH_HEX(NULL, NULL, 0, 0); + + WEE_CHECK_HASH_BIN(NULL, "test", 0, 0); + WEE_CHECK_HASH_HEX(NULL, "test", 0, 0); + + WEE_CHECK_HASH_BIN(DATA_HASH_MD5, data, length, GCRY_MD_MD5); + WEE_CHECK_HASH_HEX(DATA_HASH_MD5, data, length, GCRY_MD_MD5); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA1, data, length, GCRY_MD_SHA1); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA1, data, length, GCRY_MD_SHA1); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA224, data, length, GCRY_MD_SHA224); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA224, data, length, GCRY_MD_SHA224); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA256, data, length, GCRY_MD_SHA256); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA256, data, length, GCRY_MD_SHA256); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA384, data, length, GCRY_MD_SHA384); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA384, data, length, GCRY_MD_SHA384); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA512, data, length, GCRY_MD_SHA512); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA512, data, length, GCRY_MD_SHA512); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_224, data, length, GCRY_MD_SHA3_224); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_224, data, length, GCRY_MD_SHA3_224); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_256, data, length, GCRY_MD_SHA3_256); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_256, data, length, GCRY_MD_SHA3_256); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_384, data, length, GCRY_MD_SHA3_384); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_384, data, length, GCRY_MD_SHA3_384); + + WEE_CHECK_HASH_BIN(DATA_HASH_SHA3_512, data, length, GCRY_MD_SHA3_512); + WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_512, data, length, GCRY_MD_SHA3_512); +} + +/* + * Tests functions: * secure_encrypt_data * secure_decrypt_data */ |