gitlab.com/Remmina/Remmina.git - Unnamed repository; edit this file 'description' to name the repository.
authorAntenore Gatta <antenore@simbiosi.org>2019-03-31 03:28:51 +0300
committerAntenore Gatta <antenore@simbiosi.org>2019-03-31 03:28:51 +0300
commitfd3b2962ad820a74083cff6e031e5fcae39ae253 (patch)
tree4c8adcba324a266362ca7776b41734f978513ccc /src
parent348854f0ccb2ce8f9b010c23723da413bf97cc17 (diff)
WIP: core unlock code - password hashing functions
Diffstat (limited to 'src')
-rw-r--r--src/remmina_sodium.c75
-rw-r--r--src/remmina_sodium.h4
-rw-r--r--src/remmina_unlock.c49
-rw-r--r--src/remmina_unlock.h17
4 files changed, 90 insertions, 55 deletions
diff --git a/src/remmina_sodium.c b/src/remmina_sodium.c
index 45ae28645..8c68b0a51 100644
--- a/src/remmina_sodium.c
+++ b/src/remmina_sodium.c
@@ -32,6 +32,28 @@
*
*/
+/**
+ * @file remmina_sodium.c
+ * @brief Remmina encryption functions,
+ * @author Antenore Gatta
+ * @date 31 Mar 2019
+ *
+ * These functions are used to:
+ * - hash password using the Argon2 hashing algorithm.
+ * - Encrypt and decrypt data streams (files for examples).
+ *
+ * @code
+ *
+ * gchar *test = remmina_sodium_pwhash("Password test");
+ * g_free(test);
+ * test = remmina_sodium_pwhash_str("Password Test");
+ * g_free(test);
+ * gint rc = remmina_sodium_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$6o+kpazlHSaevezH2J9qUA$4pN75oHgyh1BLc/b+ybLYHjZbatG4ZSCSlxLI32YPY4", "Password Test");
+ *
+ * @endcode
+ *
+ */
+
#include <string.h>
#if defined(__linux__)
@@ -49,45 +71,62 @@
#include "remmina_sodium.h"
#include "remmina/remmina_trace_calls.h"
-static void remmina_sodium_pwhash(const char *pass)
+gchar *remmina_sodium_pwhash(const gchar *pass)
{
+ TRACE_CALL(__func__);
g_info("Generating passphrase (may take a while)...");
/* Create a random salt for the key derivation function */
- unsigned char salt[crypto_pwhash_SALTBYTES] = {0};
+ unsigned char salt[crypto_pwhash_SALTBYTES] = { 0 };
randombytes_buf(salt, sizeof salt);
/* Use argon2 to convert password to a full size key */
unsigned char key[crypto_secretbox_KEYBYTES];
if (crypto_pwhash(key, sizeof key, pass, strlen(pass), salt,
- crypto_pwhash_OPSLIMIT_INTERACTIVE,
- crypto_pwhash_MEMLIMIT_INTERACTIVE,
- crypto_pwhash_ALG_DEFAULT) != 0) {
+ crypto_pwhash_OPSLIMIT_INTERACTIVE,
+ crypto_pwhash_MEMLIMIT_INTERACTIVE,
+ crypto_pwhash_ALG_DEFAULT) != 0) {
g_error("Out of memory!\n");
exit(1);
}
g_info("Password hashed, it is: %s", key);
+ return g_strdup((const char *)key);
}
-static void remmina_sodium_pwhash_str(const char *pass)
+
+gchar *remmina_sodium_pwhash_str(const gchar *pass)
{
+ TRACE_CALL(__func__);
g_info("Generating passphrase (may take a while)...");
/* Create a random salt for the key derivation function */
- unsigned char salt[crypto_pwhash_SALTBYTES] = {0};
+ unsigned char salt[crypto_pwhash_SALTBYTES] = { 0 };
randombytes_buf(salt, sizeof salt);
/* Use argon2 to convert password to a full size key */
char key[crypto_pwhash_STRBYTES];
if (crypto_pwhash_str(key, pass, strlen(pass),
- crypto_pwhash_OPSLIMIT_INTERACTIVE,
- crypto_pwhash_MEMLIMIT_INTERACTIVE) != 0) {
+ crypto_pwhash_OPSLIMIT_INTERACTIVE,
+ crypto_pwhash_MEMLIMIT_INTERACTIVE) != 0) {
g_error("Out of memory!\n");
exit(1);
}
g_info("Password hashed, it is: %s", key);
+ return g_strdup((const char *)key);
}
-void remmina_sodium_init(void) {
+gint remmina_sodium_pwhash_str_verify(const char *key, const char *pass)
+{
+ TRACE_CALL(__func__);
+
+ gint rc;
+
+ rc = crypto_pwhash_str_verify(key, pass, strlen(pass));
+
+ return rc;
+}
+
+void remmina_sodium_init(void)
+{
TRACE_CALL(__func__);
#if defined(__linux__) && defined(RNDGETENTCNT)
int fd;
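Review bot: In remmina_sodium_pwhash the `key` buffer holds raw crypto_pwhash output rather than a NUL-terminated string, so both `g_info("Password hashed, it is: %s", key)` and `g_strdup((const char *)key)` either read past the fixed-size array or stop early at an embedded zero byte. The log line also writes derived key material to the application log. Encode the bytes before returning, drop the log line, and wipe the stack copies, as sketched below; the matching log line in remmina_sodium_pwhash_str prints the stored-format hash and should go too. Separately, the random salt is discarded here, so the returned key cannot be re-derived later unless the salt is returned or stored as well. In remmina_sodium_pwhash_str the salt is never used, since crypto_pwhash_str generates its own.

```c
	unsigned char key[crypto_secretbox_KEYBYTES];
	/* … unchanged: crypto_pwhash() call and its failure branch … */

	/* key is raw bytes without a terminator: hex-encode it and never log it */
	char hex[sizeof key * 2 + 1];
	sodium_bin2hex(hex, sizeof hex, key, sizeof key);
	sodium_memzero(key, sizeof key);

	gchar *encoded = g_strdup(hex);
	sodium_memzero(hex, sizeof hex);
	return encoded;
```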
@@ -96,18 +135,14 @@ void remmina_sodium_init(void) {
if ((fd = open("/dev/random", O_RDONLY)) != -1) {
if (ioctl(fd, RNDGETENTCNT, &c) == 0 && c < 160) {
g_printerr("This system doesn't provide enough entropy to quickly generate high-quality random numbers.\n"
- "Installing the rng-utils/rng-tools, jitterentropy or haveged packages may help.\n"
- "On virtualized Linux environments, also consider using virtio-rng.\n"
- "The service will not start until enough entropy has been collected.\n");
+ "Installing the rng-utils/rng-tools, jitterentropy or haveged packages may help.\n"
+ "On virtualized Linux environments, also consider using virtio-rng.\n"
+ "The service will not start until enough entropy has been collected.\n");
}
- (void) close(fd);
+ (void)close(fd);
}
#endif
- if (sodium_init() < 0) {
- g_critical ("%s - Failed to initialize sodium, it is not safe to use", __func__);
- }
-
- //remmina_sodium_pwhash("Test di una password 123");
- remmina_sodium_pwhash_str("Test di una password 123");
+ if (sodium_init() < 0)
+ g_critical("%s - Failed to initialize sodium, it is not safe to use", __func__);
}
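Review bot: When `sodium_init()` returns a negative value the new code only logs through `g_critical` and returns, so the hashing helpers added in this file can still be called on an uninitialised library. Because the function is `void`, callers cannot detect the failure. Consider failing hard here, e.g. `if (sodium_init() < 0) g_error("%s - Failed to initialize sodium", __func__);`, or changing the return type so the caller can refuse to proceed to the unlock dialog. remmina_sodium_init starts above this hunk and its callers are not visible here.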
diff --git a/src/remmina_sodium.h b/src/remmina_sodium.h
index 5c07a4f6d..7890ca9ef 100644
--- a/src/remmina_sodium.h
+++ b/src/remmina_sodium.h
@@ -37,6 +37,8 @@
G_BEGIN_DECLS
void remmina_sodium_init(void);
+gchar *remmina_sodium_pwhash(const gchar *pass);
+gchar *remmina_sodium_pwhash_str(const gchar *pass);
+gint remmina_sodium_pwhash_str_verify(const char *key, const char *pass);
G_END_DECLS
-
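Review bot: The three new prototypes carry no contract, and `remmina_sodium_pwhash_str_verify` returning `gint` invites `if (remmina_sodium_pwhash_str_verify(hash, pass))`, which is true on a mismatch because the function passes through libsodium's 0-on-success / -1-on-failure result. I would add a comment above it such as `/* Returns 0 if pass matches the stored hash, -1 otherwise. */`. The two hash functions should likewise state that the result is newly allocated and must be released with `g_free()`.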
diff --git a/src/remmina_unlock.c b/src/remmina_unlock.c
index 452479fb6..203dd29ab 100644
--- a/src/remmina_unlock.c
+++ b/src/remmina_unlock.c
@@ -46,21 +46,21 @@
static RemminaUnlockDialog *remmina_unlock_dialog;
#define GET_OBJ(object_name) gtk_builder_get_object(remmina_unlock_dialog->builder, object_name)
-static void remmina_unlock_timer_init (gpointer user_data)
+static void remmina_unlock_timer_init(gpointer user_data)
{
TRACE_CALL(__func__);
remmina_unlock_dialog->timer = g_timer_new();
}
-static void remmina_unlock_timer_reset (gpointer user_data)
+static void remmina_unlock_timer_reset(gpointer user_data)
{
TRACE_CALL(__func__);
g_timer_reset(remmina_unlock_dialog->timer);
}
-static void remmina_unlock_timer_destroy (gpointer user_data)
+static void remmina_unlock_timer_destroy(gpointer user_data)
{
TRACE_CALL(__func__);
@@ -85,32 +85,31 @@ static void remmina_button_unlock_cancel_clicked(GtkButton *btn, gpointer user_d
void remmina_unlock_new(GtkWindow *parent)
{
- TRACE_CALL(__func__);
+ TRACE_CALL(__func__);
- remmina_unlock_dialog = g_new0(RemminaUnlockDialog, 1);
+ remmina_unlock_dialog = g_new0(RemminaUnlockDialog, 1);
- //if (remmina_unlock_dialog->unlock_init)
- remmina_unlock_dialog->builder = remmina_public_gtk_builder_new_from_file("remmina_unlock.glade");
- remmina_unlock_dialog->dialog = GTK_DIALOG(gtk_builder_get_object(remmina_unlock_dialog->builder, "RemminaUnlockDialog"));
- if (parent)
- gtk_window_set_transient_for(GTK_WINDOW(remmina_unlock_dialog->dialog), parent);
+ //if (remmina_unlock_dialog->unlock_init)
+ remmina_unlock_dialog->builder = remmina_public_gtk_builder_new_from_file("remmina_unlock.glade");
+ remmina_unlock_dialog->dialog = GTK_DIALOG(gtk_builder_get_object(remmina_unlock_dialog->builder, "RemminaUnlockDialog"));
+ if (parent)
+ gtk_window_set_transient_for(GTK_WINDOW(remmina_unlock_dialog->dialog), parent);
- remmina_unlock_dialog->entry_unlock = GTK_ENTRY(GET_OBJ("entry_unlock"));
- gtk_entry_set_activates_default (GTK_ENTRY(remmina_unlock_dialog->entry_unlock), TRUE);
- remmina_unlock_dialog->button_unlock = GTK_BUTTON(GET_OBJ("button_unlock"));
- gtk_widget_set_can_default(GTK_WIDGET(remmina_unlock_dialog->button_unlock), TRUE);
- gtk_widget_grab_default (GTK_WIDGET(remmina_unlock_dialog->button_unlock));
- remmina_unlock_dialog->button_unlock_cancel = GTK_BUTTON(GET_OBJ("button_unlock_cancel"));
+ remmina_unlock_dialog->entry_unlock = GTK_ENTRY(GET_OBJ("entry_unlock"));
+ gtk_entry_set_activates_default(GTK_ENTRY(remmina_unlock_dialog->entry_unlock), TRUE);
+ remmina_unlock_dialog->button_unlock = GTK_BUTTON(GET_OBJ("button_unlock"));
+ gtk_widget_set_can_default(GTK_WIDGET(remmina_unlock_dialog->button_unlock), TRUE);
+ gtk_widget_grab_default(GTK_WIDGET(remmina_unlock_dialog->button_unlock));
+ remmina_unlock_dialog->button_unlock_cancel = GTK_BUTTON(GET_OBJ("button_unlock_cancel"));
- g_signal_connect(remmina_unlock_dialog->button_unlock, "clicked",
- G_CALLBACK(remmina_button_unlock_clicked), (gpointer)remmina_unlock_dialog);
- g_signal_connect(remmina_unlock_dialog->button_unlock_cancel, "clicked",
- G_CALLBACK(remmina_button_unlock_cancel_clicked), (gpointer)remmina_unlock_dialog);
+ g_signal_connect(remmina_unlock_dialog->button_unlock, "clicked",
+ G_CALLBACK(remmina_button_unlock_clicked), (gpointer)remmina_unlock_dialog);
+ g_signal_connect(remmina_unlock_dialog->button_unlock_cancel, "clicked",
+ G_CALLBACK(remmina_button_unlock_cancel_clicked), (gpointer)remmina_unlock_dialog);
- /* Connect signals */
- gtk_builder_connect_signals(remmina_unlock_dialog->builder, NULL);
+ /* Connect signals */
+ gtk_builder_connect_signals(remmina_unlock_dialog->builder, NULL);
- if (remmina_pref_get_boolean("use_master_password"))
- gtk_dialog_run(remmina_unlock_dialog->dialog);
+ if (remmina_pref_get_boolean("use_master_password"))
+ gtk_dialog_run(remmina_unlock_dialog->dialog);
}
-
diff --git a/src/remmina_unlock.h b/src/remmina_unlock.h
index ff63c0605..7dea56324 100644
--- a/src/remmina_unlock.h
+++ b/src/remmina_unlock.h
@@ -35,18 +35,17 @@
#pragma once
typedef struct _RemminaUnlockDialog {
- GtkBuilder *builder;
- GtkDialog *dialog;
+ GtkBuilder * builder;
+ GtkDialog * dialog;
- GtkEntry *entry_unlock;
- GtkButton *button_unlock;
- GtkButton *button_unlock_cancel;
+ GtkEntry * entry_unlock;
+ GtkButton * button_unlock;
+ GtkButton * button_unlock_cancel;
- gboolean unlock_init;
- GTimer *timer;
-
- int retval;
+ gboolean unlock_init;
+ GTimer * timer;
+ int retval;
} RemminaUnlockDialog;
G_BEGIN_DECLS