[epiphany/wip/ephy-sync: 28/126] Move crypto functions to a new module
- From: Gabriel - Cristian Ivascu <gabrielivascu src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/wip/ephy-sync: 28/126] Move crypto functions to a new module
- Date: Fri, 19 Aug 2016 17:33:55 +0000 (UTC)
commit c9fc2119a488664319e8aff999836c42501bbf83
Author: Gabriel Ivascu <ivascu gabriel59 gmail com>
Date: Fri Jun 10 00:01:23 2016 +0300
Move crypto functions to a new module
src/Makefile.am | 2 +
src/ephy-sync-crypto.c | 144 +++++++++++++++++++++++++++++++++++++++
src/ephy-sync-crypto.h | 51 ++++++++++++++
src/ephy-sync-service.c | 173 ++++++++--------------------------------------
src/ephy-sync-service.h | 5 +-
src/ephy-sync-window.c | 23 +++---
6 files changed, 240 insertions(+), 158 deletions(-)
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 09ec460..c2b936d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -59,6 +59,8 @@ libephymain_la_SOURCES = \
ephy-sync-window.h \
ephy-sync-service.c \
ephy-sync-service.h \
+ ephy-sync-crypto.c \
+ ephy-sync-crypto.h \
ephy-link.c \
ephy-link.h \
ephy-location-controller.c \
diff --git a/src/ephy-sync-crypto.c b/src/ephy-sync-crypto.c
new file mode 100644
index 0000000..edddf8f
--- /dev/null
+++ b/src/ephy-sync-crypto.c
@@ -0,0 +1,144 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * Copyright © 2016 Gabriel Ivascu <ivascu gabriel59 gmail com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "ephy-sync-crypto.h"
+
+#include <glib/gstdio.h>
+#include <nettle/hmac.h>
+#include <nettle/pbkdf2.h>
+#include <string.h>
+
+static const gchar hex_digits[] = "0123456789abcdef";
+
+gchar *
+ephy_sync_crypto_kw (const gchar *name)
+{
+ return g_strconcat ("identity.mozilla.com/picl/v1/", name, NULL);
+}
+
+gchar *
+ephy_sync_crypto_kwe (const gchar *name,
+ const gchar *emailUTF8)
+{
+ return g_strconcat ("identity.mozilla.com/picl/v1/", name, ":", emailUTF8, NULL);
+}
+
+gchar *
+ephy_sync_crypto_encode_hex (guint8 *data,
+ gsize data_length)
+{
+ gchar *retval = g_malloc (data_length * 2 + 1);
+
+ for (gsize i = 0; i < data_length; i++) {
+ guint8 byte = data[i];
+
+ retval[2 * i] = hex_digits[byte >> 4];
+ retval[2 * i + 1] = hex_digits[byte & 0xf];
+ }
+
+ retval[data_length * 2] = 0;
+
+ return retval;
+}
+
+/*
+ * Runs 1000 iterations of PBKDF2.
+ * Uses sha256 as hash function.
+ */
+void
+ephy_sync_crypto_pbkdf2_1k (guint8 *key,
+ gsize key_length,
+ guint8 *salt,
+ gsize salt_length,
+ guint8 *out,
+ gsize out_length)
+{
+ pbkdf2_hmac_sha256 (key_length, key, 1000, salt_length, salt, out_length, out);
+}
+
+/*
+ * HMAC-based Extract-and-Expand Key Derivation Function.
+ * Uses sha256 as hash function.
+ * https://tools.ietf.org/html/rfc5869
+ */
+void
+ephy_sync_crypto_hkdf (guint8 *in,
+ gsize in_length,
+ guint8 *salt,
+ gsize salt_length,
+ guint8 *info,
+ gsize info_length,
+ guint8 *out,
+ gsize out_length)
+{
+ struct hmac_sha256_ctx ctx;
+ const gsize hash_length = 32;
+ gsize i, offset = 0;
+ guint8 *tmp, *prk;
+ guint8 counter;
+
+ if (out_length > hash_length * 255)
+ return;
+
+ /* If salt value was not provided, use an array of hash_length zeros */
+ if (salt == NULL) {
+ salt = g_malloc0 (hash_length);
+ salt_length = hash_length;
+ }
+
+ tmp = g_malloc0 (hash_length + info_length + 1);
+ prk = g_malloc0 (hash_length);
+
+ /* Step 1: Extract */
+ hmac_sha256_set_key (&ctx, salt_length, salt);
+ hmac_sha256_update (&ctx, in_length, in);
+ hmac_sha256_digest (&ctx, hash_length, prk);
+
+ /* Step 2: Expand */
+ hmac_sha256_set_key (&ctx, hash_length, prk);
+
+ for (i = 0, counter = 1; i < out_length; i += hash_length, counter++) {
+ memcpy (tmp + offset, info, info_length);
+ tmp[offset + info_length] = counter;
+
+ hmac_sha256_update (&ctx, offset + info_length + 1, tmp);
+ hmac_sha256_digest (&ctx, hash_length, tmp);
+
+ offset = hash_length;
+
+ memcpy (out + i, tmp, hash_length);
+ }
+
+ g_free (salt);
+ g_free (tmp);
+ g_free (prk);
+}
+
+void
+ephy_sync_crypto_display_hex (guint8 *data,
+ gsize data_length,
+ const gchar *data_name)
+{
+ g_printf ("%s:\n", data_name);
+ for (gsize i = 0; i < data_length; i++) {
+ g_printf ("%02x", data[i]);
+ if ((i + 1) % 8 == 0)
+ g_printf ("\n");
+ }
+ g_printf ("\n");
+}
diff --git a/src/ephy-sync-crypto.h b/src/ephy-sync-crypto.h
new file mode 100644
index 0000000..7b7d1d0
--- /dev/null
+++ b/src/ephy-sync-crypto.h
@@ -0,0 +1,51 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * Copyright © 2016 Gabriel Ivascu <ivascu gabriel59 gmail com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef EPHY_EMBED_UTILS_H
+#define EPHY_EMBED_UTILS_H
+
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+
+gchar *ephy_sync_crypto_kw (const gchar *name);
+gchar *ephy_sync_crypto_kwe (const gchar *name,
+ const gchar *emailUTF8);
+gchar *ephy_sync_crypto_encode_hex (guint8 *data,
+ gsize data_length);
+void ephy_sync_crypto_pbkdf2_1k (guint8 *key,
+ gsize key_length,
+ guint8 *salt,
+ gsize salt_length,
+ guint8 *out,
+ gsize out_length);
+void ephy_sync_crypto_hkdf (guint8 *in,
+ gsize in_length,
+ guint8 *salt,
+ gsize salt_length,
+ guint8 *info,
+ gsize info_length,
+ guint8 *out,
+ gsize out_length);
+void ephy_sync_crypto_display_hex (guint8 *data,
+ gsize data_length,
+ const gchar *data_name);
+
+G_END_DECLS
+
+#endif
diff --git a/src/ephy-sync-service.c b/src/ephy-sync-service.c
index a1123ab..a2d28af 100644
--- a/src/ephy-sync-service.c
+++ b/src/ephy-sync-service.c
@@ -1,3 +1,4 @@
+#include "ephy-sync-crypto.h"
#include "ephy-sync-service.h"
#include <string.h>
@@ -13,113 +14,6 @@ struct _EphySyncService {
G_DEFINE_TYPE (EphySyncService, ephy_sync_service, G_TYPE_OBJECT);
-static const gchar hex_digits[] = "0123456789abcdef";
-
-static gchar *
-KW (const gchar *name)
-{
- g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
- return g_strconcat ("identity.mozilla.com/picl/v1/",
- name,
- NULL);
-}
-
-static gchar *
-KWE (const gchar *name,
- const gchar *emailUTF8)
-{
- g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
- return g_strconcat ("identity.mozilla.com/picl/v1/",
- name,
- ":",
- emailUTF8,
- NULL);
-}
-
-static gchar *
-encode_hex (guint8 *data,
- gsize data_len)
-{
- gchar *retval = g_malloc (data_len * 2 + 1);
-
- for (gsize i = 0; i < data_len; i++) {
- guint8 byte = data[i];
-
- retval[2 * i] = hex_digits[byte >> 4];
- retval[2 * i + 1] = hex_digits[byte & 0xf];
- }
-
- retval[data_len * 2] = 0;
-
- return retval;
-}
-
-/*
- * Runs 1000 PBKDF2 iterations using sha256 as hash function.
- */
-static void pbkdf2_1k (gsize key_length, guint8 *key,
- gsize salt_length, guint8 *salt,
- gsize out_length, guint8 *out)
-{
- g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
- pbkdf2_hmac_sha256 (key_length, key, 1000, salt_length, salt, out_length, out);
-}
-
-/*
- * HMAC-based Extract-and-Expand Key Derivation Function.
- * Uses sha256 as hash function.
- * https://tools.ietf.org/html/rfc5869
- */
-static void hkdf (gsize in_length, guint8 *in,
- gsize salt_length, guint8 *salt,
- gsize info_length, guint8 *info,
- gsize out_length, guint8 *out)
-{
- struct hmac_sha256_ctx ctx;
- const gsize hash_length = 32;
- gsize i, offset = 0;
- guint8 *tmp, *prk;
- guint8 counter;
-
- g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
-
- if (out_length > hash_length * 255)
- return;
-
- /* If salt value was not provided, use an array of hash_length zeros */
- if (salt == NULL) {
- salt = g_malloc0 (hash_length);
- salt_length = hash_length;
- }
-
- tmp = g_malloc0 (hash_length + info_length + 1);
- prk = g_malloc0 (hash_length);
-
- /* Step 1: Extract */
- hmac_sha256_set_key (&ctx, salt_length, salt);
- hmac_sha256_update (&ctx, in_length, in);
- hmac_sha256_digest (&ctx, hash_length, prk);
-
- /* Step 2: Expand */
- hmac_sha256_set_key (&ctx, hash_length, prk);
-
- for (i = 0, counter = 1; i < out_length; i += hash_length, counter++) {
- memcpy (tmp + offset, info, info_length);
- tmp[offset + info_length] = counter;
-
- hmac_sha256_update (&ctx, offset + info_length + 1, tmp);
- hmac_sha256_digest (&ctx, hash_length, tmp);
-
- offset = hash_length;
-
- memcpy (out + i, tmp, hash_length);
- }
-
- g_free (salt);
- g_free (tmp);
- g_free (prk);
-}
-
static void
ephy_sync_service_class_init (EphySyncServiceClass *klass)
{
@@ -183,7 +77,7 @@ ephy_sync_service_try_login (EphySyncService *self,
message = soup_message_new (SOUP_METHOD_POST,
"https://api.accounts.firefox.com/v1/account/login");
- authPW_hex = encode_hex (authPW, TOKEN_LENGTH);
+ authPW_hex = ephy_sync_crypto_encode_hex (authPW, EPHY_SYNC_SERVICE_TOKEN_LENGTH);
request_body = g_strconcat ("{\"authPW\": \"",
authPW_hex,
"\", \"email\": \"",
@@ -219,44 +113,37 @@ ephy_sync_service_stretch (EphySyncService *self,
g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
- salt_stretch = KWE ("quickStretch", emailUTF8);
- quickStretchedPW = g_malloc (TOKEN_LENGTH);
- pbkdf2_1k (strlen (passwordUTF8), (guint8 *) passwordUTF8,
- strlen (salt_stretch), (guint8 *) salt_stretch,
- TOKEN_LENGTH, quickStretchedPW);
-
- ephy_sync_service_display_hex ("quickStretchedPW", TOKEN_LENGTH, quickStretchedPW);
-
- info_auth = KW ("authPW");
- hkdf (TOKEN_LENGTH, quickStretchedPW,
- 0, NULL,
- strlen (info_auth), (guint8 *) info_auth,
- TOKEN_LENGTH, authPW);
-
- info_unwrap = KW ("unwrapBkey");
- hkdf (TOKEN_LENGTH, quickStretchedPW,
- 0, NULL,
- strlen (info_unwrap), (guint8 *) info_unwrap,
- TOKEN_LENGTH, unwrapBKey);
+ salt_stretch = ephy_sync_crypto_kwe ("quickStretch", emailUTF8);
+ quickStretchedPW = g_malloc (EPHY_SYNC_SERVICE_TOKEN_LENGTH);
+ ephy_sync_crypto_pbkdf2_1k ((guint8 *) passwordUTF8,
+ strlen (passwordUTF8),
+ (guint8 *) salt_stretch,
+ strlen (salt_stretch),
+ quickStretchedPW,
+ EPHY_SYNC_SERVICE_TOKEN_LENGTH);
+
+ ephy_sync_crypto_display_hex (quickStretchedPW, EPHY_SYNC_SERVICE_TOKEN_LENGTH, "quickStretchedPW");
+
+ info_auth = ephy_sync_crypto_kw ("authPW");
+ ephy_sync_crypto_hkdf (quickStretchedPW,
+ EPHY_SYNC_SERVICE_TOKEN_LENGTH,
+ NULL, 0,
+ (guint8 *) info_auth,
+ strlen (info_auth),
+ authPW,
+ EPHY_SYNC_SERVICE_TOKEN_LENGTH);
+
+ info_unwrap = ephy_sync_crypto_kw ("unwrapBkey");
+ ephy_sync_crypto_hkdf (quickStretchedPW,
+ EPHY_SYNC_SERVICE_TOKEN_LENGTH,
+ NULL, 0,
+ (guint8 *) info_unwrap,
+ strlen (info_unwrap),
+ unwrapBKey,
+ EPHY_SYNC_SERVICE_TOKEN_LENGTH);
g_free (salt_stretch);
g_free (info_unwrap);
g_free (info_auth);
g_free (quickStretchedPW);
}
-
-void
-ephy_sync_service_display_hex (const gchar *name,
- gsize length,
- guint8 *data)
-{
- g_printf ("[%s:%d, %s]\n", __FILE__, __LINE__, __func__);
-
- g_printf ("%s:\n", name);
- for (gsize i = 0; i < length; i++) {
- g_printf ("%02x", data[i]);
- if ((i + 1) % 8 == 0)
- g_printf ("\n");
- }
- g_printf ("\n");
-}
diff --git a/src/ephy-sync-service.h b/src/ephy-sync-service.h
index 3b37926..d77c04b 100644
--- a/src/ephy-sync-service.h
+++ b/src/ephy-sync-service.h
@@ -6,7 +6,7 @@
G_BEGIN_DECLS
#define EPHY_TYPE_SYNC_SERVICE (ephy_sync_service_get_type ())
-#define TOKEN_LENGTH 32
+#define EPHY_SYNC_SERVICE_TOKEN_LENGTH 32
G_DECLARE_FINAL_TYPE (EphySyncService, ephy_sync_service, EPHY, SYNC_SERVICE, GObject)
@@ -22,9 +22,6 @@ void ephy_sync_service_try_login (EphySyncService *self,
guint8 *authPW,
guint8 *sessionToken,
guint8 *keyFetchToken);
-void ephy_sync_service_display_hex (const gchar *name,
- gsize length,
- guint8 *data);
G_END_DECLS
diff --git a/src/ephy-sync-window.c b/src/ephy-sync-window.c
index db50189..0e9d2d8 100644
--- a/src/ephy-sync-window.c
+++ b/src/ephy-sync-window.c
@@ -1,10 +1,11 @@
-#include "ephy-sync-window.h"
-#include "ephy-sync-service.h"
#include "ephy-gui.h"
+#include "ephy-sync-crypto.h"
+#include "ephy-sync-service.h"
+#include "ephy-sync-window.h"
-#include <string.h>
#include <glib/gstdio.h>
#include <gtk/gtk.h>
+#include <string.h>
struct _EphySyncWindow {
GtkDialog parent_instance;
@@ -54,26 +55,26 @@ submit_action (GSimpleAction *action,
passwordUTF8 = g_strdup ("pässwörd");
}
- authPW = g_malloc (TOKEN_LENGTH);
- unwrapBKey = g_malloc (TOKEN_LENGTH);
+ authPW = g_malloc (EPHY_SYNC_SERVICE_TOKEN_LENGTH);
+ unwrapBKey = g_malloc (EPHY_SYNC_SERVICE_TOKEN_LENGTH);
ephy_sync_service_stretch (self->sync_service,
emailUTF8,
passwordUTF8,
authPW,
unwrapBKey);
- ephy_sync_service_display_hex ("authPW", TOKEN_LENGTH, authPW);
- ephy_sync_service_display_hex ("unwrapBKey", TOKEN_LENGTH, unwrapBKey);
+ ephy_sync_crypto_display_hex (authPW, EPHY_SYNC_SERVICE_TOKEN_LENGTH, "authPW");
+ ephy_sync_crypto_display_hex (unwrapBKey, EPHY_SYNC_SERVICE_TOKEN_LENGTH, "unwrapBKey");
- sessionToken = g_malloc (TOKEN_LENGTH);
- keyFetchToken = g_malloc0 (TOKEN_LENGTH);
+ sessionToken = g_malloc (EPHY_SYNC_SERVICE_TOKEN_LENGTH);
+ keyFetchToken = g_malloc (EPHY_SYNC_SERVICE_TOKEN_LENGTH);
ephy_sync_service_try_login (self->sync_service,
FALSE,
emailUTF8,
authPW,
sessionToken,
keyFetchToken);
- ephy_sync_service_display_hex ("sessionToken", TOKEN_LENGTH, sessionToken);
- ephy_sync_service_display_hex ("keyFetchToken", TOKEN_LENGTH, keyFetchToken);
+ ephy_sync_crypto_display_hex (sessionToken, EPHY_SYNC_SERVICE_TOKEN_LENGTH, "sessionToken");
+ ephy_sync_crypto_display_hex (keyFetchToken, EPHY_SYNC_SERVICE_TOKEN_LENGTH, "keyFetchToken");
g_free (authPW);
g_free (unwrapBKey);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]