[vlc-devel] [PATCH 00/13] Keystore: add memory module, add encryption in file module
Thomas Guillem
thomas at gllm.fr
Wed Feb 24 14:25:09 CET 2016
Patches from 4 to 10 rework the old unused plaintext module and split it into 3
submodules:

- memory: Used by default when there is no other keystore or if the user
  doesn't want to store credentials permanently.
- file-plaintext: insecure module that stores credentials in a file without any
  encryption; it's deactivated by default.
- file-crypt: uses the file-plaintext code but encrypts/decrypts secrets via an
  internal crypt API. memory-android.c implements this API, and Windows may
  need it in the future too.

The first question you'll ask: why is this non-secure file-plaintext still
exported?

We need it for Android, because memory-android.c works only for Android M.
Before Android M, you could encrypt/decrypt but there is no safe way to store
the key or get a random seed (and it's useless to encrypt a file on a disk if you
have to store the key on the same disk). So, before Android M, we'll store
credentials in the private space of the application. Theoretically, only the
VLC application could access it, except if your device is rooted or if you are
using adb.

That's why I added the b_secure boolean in the keystore and passed it to login
dialogs (Patches 1 to 3). This will allow us to warn the user on Android that
encryption is not available. For the VLC desktop version, if the keystore is
not secure, we won't store any credentials at all.

Finally, patches 12 and 13 remove the old way to store credentials in memory
when browsing.
Thomas Guillem (13):
keystore: add b_secure
dialog: add b_store_secure to vlc_dialog_wait_login
libvlc: dialog: add b_store_secure to pf_display_login
plaintext: rename to memory_file
memory_file: remove locked singleton
memory_file: move code
memory_file: split into 2 submodules
memory_file: add a crypt submodule
memory_file: encrypt/decrypt password via AndroidKeyStore
keystore: add a unique memory keystore
keystore: also store empty passwords
sftp: don't store credentials in sub items options
dsm: don't store credentials in sub items options
include/vlc/libvlc_dialog.h | 3 +-
include/vlc_dialog.h | 14 +-
include/vlc_keystore.h | 15 +-
lib/dialog.c | 4 +-
modules/access/dsm/access.c | 32 +-
modules/access/ftp.c | 2 +-
modules/access/http.c | 2 +-
modules/access/live555.cpp | 2 +-
modules/access/sftp.c | 25 +-
modules/access/smb.c | 2 +-
modules/gui/macosx/coredialogs.m | 8 +-
modules/gui/qt4/dialogs/external.cpp | 11 +-
modules/gui/qt4/dialogs/external.hpp | 6 +-
modules/keystore/Makefile.am | 8 +-
modules/keystore/keychain.m | 1 +
modules/keystore/kwallet.cpp | 1 +
modules/keystore/memory-android.c | 620 ++++++++++++++++++++++++++++++
modules/keystore/memory-crypt.h | 34 ++
modules/keystore/memory-file.c | 725 +++++++++++++++++++++++++++++++++++
modules/keystore/plaintext.c | 559 ---------------------------
modules/keystore/secret.c | 1 +
src/interface/dialog.c | 17 +-
src/libvlc.c | 4 +
src/libvlc.h | 2 +
src/libvlccore.sym | 2 +
src/misc/keystore.c | 123 ++++--
test/modules/keystore/test.c | 88 +++--
test/src/interface/dialog.c | 6 +-
28 files changed, 1607 insertions(+), 710 deletions(-)
create mode 100644 modules/keystore/memory-android.c
create mode 100644 modules/keystore/memory-crypt.h
create mode 100644 modules/keystore/memory-file.c
delete mode 100644 modules/keystore/plaintext.c
--
2.7.0