[vlc-devel] [PATCH 08/13] memory_file: add a crypt submodule
Thomas Guillem
thomas at gllm.fr
Wed Feb 24 14:25:17 CET 2016
This module uses the file code to store credentials and encrypted secrets in a
file.
The internal crypt API needs to be implemented.
---
modules/keystore/Makefile.am | 1 +
modules/keystore/memory-crypt.h | 39 ++++++++++++++
modules/keystore/memory-file.c | 109 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 149 insertions(+)
create mode 100644 modules/keystore/memory-crypt.h
diff --git a/modules/keystore/Makefile.am b/modules/keystore/Makefile.am
index dd0e089..99eed83 100644
--- a/modules/keystore/Makefile.am
+++ b/modules/keystore/Makefile.am
@@ -1,6 +1,7 @@
keystoredir = $(pluginsdir)/keystore
libmemory_file_keystore_plugin_la_SOURCES = keystore/memory-file.c
+ keystore/memory-crypt.h
keystore_LTLIBRARIES = libmemory_file_keystore_plugin.la
libsecret_plugin_la_SOURCES = keystore/secret.c
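Review bot: As shown, the added `keystore/memory-crypt.h` line is not joined to the `libmemory_file_keystore_plugin_la_SOURCES` assignment, because the line before it has no trailing backslash and the diffstat records one insertion and no other change to this file. Unless the backslash was lost in this rendering of the patch, the assignment should end with ` \` so that the header is actually part of the plugin's source list.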
diff --git a/modules/keystore/memory-crypt.h b/modules/keystore/memory-crypt.h
new file mode 100644
index 0000000..4b4b815
--- /dev/null
+++ b/modules/keystore/memory-crypt.h
@@ -0,0 +1,39 @@
+/*****************************************************************************
+ * memory-crypt.h: Crypt extension of the keystore memory module
+ *****************************************************************************
+ * Copyright © 2016 VLC authors, VideoLAN and VideoLabs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+ *****************************************************************************/
+
+#if 0
+#if defined(__ANDROID__) || defined(_WIN32)
+# define CRYPTFILE
+#endif
+#endif
+
+#ifdef CRYPTFILE
+
+struct crypt
+{
+ void * p_ctx;
+ size_t (*pf_encrypt)(vlc_keystore *, void *, const uint8_t *, size_t, uint8_t **);
+ size_t (*pf_decrypt)(vlc_keystore *, void *, const uint8_t *, size_t, uint8_t **);
+ void (*pf_clean)(vlc_keystore *, void *);
+};
+
+int CryptInit(vlc_keystore *, struct crypt *);
+
+#endif
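Review bot: The `pf_encrypt`/`pf_decrypt` callbacks in `struct crypt` have no documented contract, yet the callers added in memory-file.c depend on one: a return value of 0 is treated as failure and the buffer returned through the last argument is released with `free()`. A comment above the struct such as `/* pf_encrypt/pf_decrypt: return the output length, 0 on error; the output buffer is malloc()ed and owned by the caller */` would pin that down for whoever implements `CryptInit`, and naming the prototype parameters would help as well. The header also has no include guard and uses `vlc_keystore`, `uint8_t` and `size_t` without including anything itself, so it only compiles when the right headers precede it, which this patch does not show.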
diff --git a/modules/keystore/memory-file.c b/modules/keystore/memory-file.c
index 7f6c2c8..2d1a569 100644
--- a/modules/keystore/memory-file.c
+++ b/modules/keystore/memory-file.c
@@ -38,11 +38,17 @@
#include <assert.h>
+#include "memory-crypt.h"
+
static int Open(vlc_object_t *);
static void Close(vlc_object_t *);
static int OpenFile(vlc_object_t *);
static void CloseFile(vlc_object_t *);
+#ifdef CRYPTFILE
+static int OpenFileCrypt(vlc_object_t *);
+static void CloseFileCrypt(vlc_object_t *);
+#endif
vlc_module_begin()
set_shortname(N_("memory keystore"))
@@ -61,6 +67,16 @@ vlc_module_begin()
add_string("keystore-file", NULL, NULL, NULL, false )
set_capability("keystore", 0)
add_shortcut("file-plaintext")
+#ifdef CRYPTFILE
+ add_submodule()
+ set_shortname(N_("crypt keystore"))
+ set_description(N_("secrets are stored encrypted on a file"))
+ set_category(CAT_ADVANCED)
+ set_subcategory(SUBCAT_ADVANCED_MISC)
+ set_callbacks(OpenFileCrypt, CloseFileCrypt)
+ set_capability("keystore", 1)
+ add_shortcut("file-crypt")
+#endif
vlc_module_end ()
struct list
@@ -74,6 +90,9 @@ struct vlc_keystore_sys
{
struct list list;
char * psz_file;
+#ifdef CRYPTFILE
+ struct crypt crypt;
+#endif
};
static void
@@ -614,3 +633,93 @@ OpenFile(vlc_object_t *p_this)
return VLC_SUCCESS;
}
+
+#ifdef CRYPTFILE
+static int
+StoreFileCrypt(vlc_keystore *p_keystore, const char *const ppsz_values[KEY_MAX],
+ const uint8_t *p_secret, size_t i_secret_len,
+ const char *psz_label)
+{
+ struct crypt *p_crypt = &p_keystore->p_sys->crypt;
+ uint8_t *p_enc_secret;
+ size_t i_enc_secret_len;
+
+ i_enc_secret_len = p_crypt->pf_encrypt(p_keystore, p_crypt->p_ctx, p_secret,
+ i_secret_len, &p_enc_secret);
+
+ if (i_enc_secret_len == 0)
+ return VLC_EGENERIC;
+
+ int i_ret = StoreFile(p_keystore, ppsz_values, p_enc_secret,
+ i_enc_secret_len, psz_label);
+ free(p_enc_secret);
+
+ return i_ret;
+}
+
+static unsigned int
+FindFileCrypt(vlc_keystore *p_keystore, const char *const ppsz_values[KEY_MAX],
+ vlc_keystore_entry **pp_entries)
+{
+ struct crypt *p_crypt = &p_keystore->p_sys->crypt;
+ vlc_keystore_entry *p_entries;
+
+ unsigned i_count = FindFile(p_keystore, ppsz_values, &p_entries);
+
+ for (unsigned int i = 0; i < i_count; ++i)
+ {
+ vlc_keystore_entry *p_entry = &p_entries[i];
+ uint8_t *p_dec_secret;
+ size_t i_dec_secret_len =
+ p_crypt->pf_decrypt(p_keystore, p_crypt->p_ctx, p_entry->p_secret,
+ p_entry->i_secret_len, &p_dec_secret);
+ if (i_dec_secret_len == 0)
+ {
+ vlc_keystore_release_entries(*pp_entries, i_count);
+ return 0;
+ }
+ free(p_entry->p_secret);
+ p_entry->p_secret = p_dec_secret;
+ p_entry->i_secret_len = i_dec_secret_len;
+ }
+
+ *pp_entries = p_entries;
+ return i_count;
+}
+
+static void
+CloseFileCrypt(vlc_object_t *p_this)
+{
+ vlc_keystore *p_keystore = (vlc_keystore *)p_this;
+ struct crypt *p_crypt = &p_keystore->p_sys->crypt;
+
+ if (p_crypt->pf_clean != NULL)
+ p_crypt->pf_clean(p_keystore, p_crypt->p_ctx);
+
+ CloseFile(p_this);
+}
+
+static int
+OpenFileCrypt(vlc_object_t *p_this)
+{
+ int i_ret = OpenFile(p_this);
+
+ if (i_ret != VLC_SUCCESS)
+ return i_ret;
+
+ vlc_keystore *p_keystore = (vlc_keystore *)p_this;
+ vlc_keystore_sys *p_sys = p_keystore->p_sys;
+
+ if (CryptInit(p_keystore, &p_sys->crypt) != VLC_SUCCESS)
+ {
+ CloseFile(p_this);
+ return VLC_EGENERIC;
+ }
+ assert(p_sys->crypt.pf_encrypt != NULL && p_sys->crypt.pf_decrypt != NULL);
+ p_keystore->pf_store = StoreFileCrypt;
+ p_keystore->pf_find = FindFileCrypt;
+ p_keystore->b_secure = true;
+
+ return VLC_SUCCESS;
+}
+#endif /* CRYPTFILE */
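Review bot: In `FindFileCrypt`, the decrypt-failure path calls `vlc_keystore_release_entries(*pp_entries, i_count)`, but `*pp_entries` is only assigned after the loop. That call therefore releases whatever pointer value the caller's variable held, possibly uninitialized, and leaks the array that `FindFile` returned in `p_entries`. The line should read `vlc_keystore_release_entries(p_entries, i_count);`. Since this path is reached whenever a stored secret fails to decrypt, for example on a corrupted or tampered keystore file, it is worth fixing before the `#if 0` gate in memory-crypt.h is lifted.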
--
2.7.0