[vlc-commits] keystore/file: add a crypt submodule

Thomas Guillem git at videolan.org
Fri Feb 26 10:59:16 CET 2016


vlc | branch: master | Thomas Guillem <thomas at gllm.fr> | Thu Feb 25 14:23:16 2016 +0100| [4df30d8af97dc7a00c2c718996c0997024ee8b9b] | committer: Thomas Guillem

keystore/file: add a crypt submodule

This module stores credentials and encrypted secrets in a file.
The internal crypt API needs to be implemented.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4df30d8af97dc7a00c2c718996c0997024ee8b9b
---

 modules/keystore/Makefile.am  |    1 +
 modules/keystore/file.c       |  100 ++++++++++++++++++++++++++++++++++++++++-
 modules/keystore/file_crypt.h |   39 ++++++++++++++++
 3 files changed, 138 insertions(+), 2 deletions(-)

diff --git a/modules/keystore/Makefile.am b/modules/keystore/Makefile.am
index 3db4d66..6a4858d 100644
--- a/modules/keystore/Makefile.am
+++ b/modules/keystore/Makefile.am
@@ -5,6 +5,7 @@ libmemory_keystore_plugin_la_SOURCES = keystore/memory.c \
 keystore_LTLIBRARIES = libmemory_keystore_plugin.la
 
 libfile_keystore_plugin_la_SOURCES = keystore/file.c \
+	keystore/file_crypt.h \
 	keystore/list_util.c keystore/list_util.h
 keystore_LTLIBRARIES += libfile_keystore_plugin.la
 
diff --git a/modules/keystore/file.c b/modules/keystore/file.c
index 1c65457..381ec87 100644
--- a/modules/keystore/file.c
+++ b/modules/keystore/file.c
@@ -37,10 +37,15 @@
 
 #include <assert.h>
 
+#include "file_crypt.h"
 #include "list_util.h"
 
 static int Open(vlc_object_t *);
 static void Close(vlc_object_t *);
+#ifdef CRYPTFILE
+static int OpenCrypt(vlc_object_t *);
+static void CloseCrypt(vlc_object_t *);
+#endif
 
 vlc_module_begin()
     set_shortname(N_("file keystore (plaintext)"))
@@ -51,11 +56,25 @@ vlc_module_begin()
     add_string("keystore-file", NULL, NULL, NULL, true)
     set_capability("keystore", 0)
     add_shortcut("file_plaintext")
+#ifdef CRYPTFILE
+    add_submodule()
+        set_shortname(N_("crypt keystore"))
+        set_description(N_("secrets are stored encrypted on a file"))
+        set_category(CAT_ADVANCED)
+        set_subcategory(SUBCAT_ADVANCED_MISC)
+        set_callbacks(OpenCrypt, CloseCrypt)
+        set_capability("keystore", 1)
+        add_shortcut("file_crypt")
+#endif
 vlc_module_end ()
 
 struct vlc_keystore_sys
 {
     char *          psz_file;
+#ifdef CRYPTFILE
+    bool            b_crypted;
+    struct crypt    crypt;
+#endif
 };
 
 static const char *const ppsz_keys[] = {
@@ -303,8 +322,29 @@ Store(vlc_keystore *p_keystore, const char *const ppsz_values[KEY_MAX],
     if (ks_values_copy((const char **)p_entry->ppsz_values, ppsz_values))
         goto end;
 
-    if (vlc_keystore_entry_set_secret(p_entry, p_secret, i_secret_len))
-        goto end;
+#ifdef CRYPTFILE
+    if (p_sys->b_crypted)
+    {
+        struct crypt *p_crypt = &p_sys->crypt;
+        uint8_t *p_enc_secret;
+        size_t i_enc_secret_len =
+            p_crypt->pf_encrypt(p_keystore, p_crypt->p_ctx, p_secret,
+                                i_secret_len, &p_enc_secret);
+        if (i_enc_secret_len == 0)
+            goto end;
+
+        if (vlc_keystore_entry_set_secret(p_entry, p_enc_secret,
+                                          i_enc_secret_len))
+            goto end;
+        free(p_enc_secret);
+    }
+    else
+#endif
+    {
+        if (vlc_keystore_entry_set_secret(p_entry, p_secret, i_secret_len))
+            goto end;
+    }
+
 
     i_ret = file_save(p_keystore, p_file, i_fd, &list);
 
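Review bot: In the encrypted branch, `p_enc_secret` is leaked when `vlc_keystore_entry_set_secret()` fails, because `goto end` is taken before `free(p_enc_secret)` is reached. Capture the result and free unconditionally: `int i_err = vlc_keystore_entry_set_secret(p_entry, p_enc_secret, i_enc_secret_len);` then `free(p_enc_secret);` then `if (i_err) goto end;`. A zero return from `pf_encrypt` is also the only error signal, so an empty secret cannot be told apart from a failure; that convention deserves a comment next to the callback declaration. Store's body starts and ends outside this hunk, so what the `end:` path releases is not visible here.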
@@ -343,6 +383,26 @@ Find(vlc_keystore *p_keystore, const char *const ppsz_values[KEY_MAX],
             goto end;
         }
 
+#ifdef CRYPTFILE
+        if (p_sys->b_crypted)
+        {
+            struct crypt *p_crypt = &p_sys->crypt;
+            uint8_t *p_dec_secret;
+            size_t i_dec_secret_len =
+                p_crypt->pf_decrypt(p_keystore, p_crypt->p_ctx, p_entry->p_secret,
+                                    p_entry->i_secret_len, &p_dec_secret);
+            if (i_dec_secret_len == 0)
+            {
+                ks_list_free(&out_list);
+                goto end;
+            }
+
+            free(p_entry->p_secret);
+            p_entry->p_secret = p_dec_secret;
+            p_entry->i_secret_len = i_dec_secret_len;
+        }
+#endif
+
         if (vlc_keystore_entry_set_secret(p_out_entry, p_entry->p_secret,
                                           p_entry->i_secret_len))
         {
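Review bot: The decrypted secret is written back into `p_entry` (`p_entry->p_secret = p_dec_secret`), so the cleartext stays in that entry until whatever owns it is freed, and nothing in the hunk clears it before release. Only `p_out_entry` needs the plaintext, so it can live in a local that is copied into `p_out_entry` and freed straight away, leaving the stored entry as ciphertext. Wiping the buffer before that `free` would be a further hardening step. A single entry that fails to decrypt also aborts the whole lookup through `goto end`, which may be intended but should be stated in a comment. Find's loop and its `end:` label lie outside this hunk.

```c
        /* … unchanged: entry matching and p_out_entry allocation … */
        const uint8_t *p_plain = p_entry->p_secret;
        size_t i_plain_len = p_entry->i_secret_len;
        uint8_t *p_dec_secret = NULL;

#ifdef CRYPTFILE
        if (p_sys->b_crypted)
        {
            struct crypt *p_crypt = &p_sys->crypt;
            i_plain_len =
                p_crypt->pf_decrypt(p_keystore, p_crypt->p_ctx, p_entry->p_secret,
                                    p_entry->i_secret_len, &p_dec_secret);
            if (i_plain_len == 0)
            {
                ks_list_free(&out_list);
                goto end;
            }
            p_plain = p_dec_secret;
        }
#endif

        int i_err = vlc_keystore_entry_set_secret(p_out_entry, p_plain,
                                                  i_plain_len);
        free(p_dec_secret); /* p_entry keeps its ciphertext */
        if (i_err)
        {
```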
@@ -445,3 +505,39 @@ Open(vlc_object_t *p_this)
 
     return VLC_SUCCESS;
 }
+
+#ifdef CRYPTFILE
+static void
+CloseCrypt(vlc_object_t *p_this)
+{
+    vlc_keystore *p_keystore = (vlc_keystore *)p_this;
+    struct crypt *p_crypt = &p_keystore->p_sys->crypt;
+
+    if (p_crypt->pf_clean != NULL)
+        p_crypt->pf_clean(p_keystore, p_crypt->p_ctx);
+
+    Close(p_this);
+}
+
+static int
+OpenCrypt(vlc_object_t *p_this)
+{
+    int i_ret = Open(p_this);
+
+    if (i_ret != VLC_SUCCESS)
+        return i_ret;
+
+    vlc_keystore *p_keystore = (vlc_keystore *)p_this;
+    vlc_keystore_sys *p_sys = p_keystore->p_sys;
+
+    if (CryptInit(p_keystore, &p_sys->crypt) != VLC_SUCCESS)
+    {
+        Close(p_this);
+        return VLC_EGENERIC;
+    }
+    assert(p_sys->crypt.pf_encrypt != NULL && p_sys->crypt.pf_decrypt != NULL);
+    p_sys->b_crypted = true;
+
+    return VLC_SUCCESS;
+}
+#endif /* CRYPTFILE */
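Review bot: The only check that `CryptInit()` filled in `pf_encrypt` and `pf_decrypt` is an `assert`, which is compiled out when NDEBUG is defined, while the Store and Find hunks call through both pointers unconditionally once `b_crypted` is set. A runtime check in `OpenCrypt` fails closed instead: `if (p_sys->crypt.pf_encrypt == NULL || p_sys->crypt.pf_decrypt == NULL) { CloseCrypt(p_this); return VLC_EGENERIC; }`. `b_crypted` is only ever assigned `true` here, so the plaintext path presumably relies on `Open` zero-initialising `p_sys`; that allocation is outside the hunk and worth confirming.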
diff --git a/modules/keystore/file_crypt.h b/modules/keystore/file_crypt.h
new file mode 100644
index 0000000..2ba4aad
--- /dev/null
+++ b/modules/keystore/file_crypt.h
@@ -0,0 +1,39 @@
+/*****************************************************************************
+ * file_crypt.h: Crypt extension of the keystore memory module
+ *****************************************************************************
+ * Copyright © 2016 VLC authors, VideoLAN and VideoLabs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+ *****************************************************************************/
+
+#if 0
+#if defined(__ANDROID__) || defined(_WIN32)
+# define CRYPTFILE
+#endif
+#endif
+
+#ifdef CRYPTFILE
+
+struct crypt
+{
+    void *  p_ctx;
+    size_t  (*pf_encrypt)(vlc_keystore *, void *, const uint8_t *, size_t, uint8_t **);
+    size_t  (*pf_decrypt)(vlc_keystore *, void *, const uint8_t *, size_t, uint8_t **);
+    void    (*pf_clean)(vlc_keystore *, void *);
+};
+
+int CryptInit(vlc_keystore *, struct crypt *);
+
+#endif
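Review bot: The contract of the callbacks in `struct crypt` is undocumented, although file.c depends on it: a return of 0 is treated as failure, and the buffer stored through the last argument is released by the caller with `free()`. A comment above the struct should state this, for example `/* pf_encrypt/pf_decrypt return the output length, or 0 on error; the output buffer is heap-allocated and owned by the caller */`, and should say whether the output pointer is set when 0 is returned. The banner reads "keystore memory module" although this header belongs to the file keystore. The header also has no include guard and uses `vlc_keystore`, `uint8_t` and `size_t` without including their declarations, so it only compiles after the includes that file.c happens to pull in first.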


