Crypto: Implement a generic hashing API

Currently MD5 is implemented
2021-05-22 15:55:23 +02:00 · 2021-05-22 15:55:23 +02:00 · 2bda413698
parent a8b9d15d1b
commit 2bda413698
5 changed files with 344 additions and 4 deletions
--- a/src/zm_crypt.h
+++ b/src/zm_crypt.h
@ -20,10 +20,35 @@
 #ifndef ZM_CRYPT_H
 #define ZM_CRYPT_H

+#include "zm_config.h"
+#include "zm_crypto_gnutls.h"
+#include "zm_crypto_openssl.h"
+#include "zm_define.h"
 #include <string>
-#include <utility>

-bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash);
+bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash);

-std::pair <std::string, unsigned int>  verifyToken(std::string token, std::string key);
-#endif // ZM_CRYPT_H
+std::pair<std::string, unsigned int> verifyToken(std::string token, std::string key);
+
+namespace zm {
+namespace crypto {
+namespace impl {
+
+#if defined(HAVE_LIBGNUTLS)
+template<HashAlgorithms Algorithm>
+using Hash = gnutls::GenericHashImpl<Algorithm>;
+#elif defined(HAVE_LIBOPENSSL)
+template<HashAlgorithms Algorithm>
+using Hash = openssl::GenericHashImpl<Algorithm>;
+#endif
+}
+}
+}
+
+namespace zm {
+namespace crypto {
+using MD5 = impl::Hash<impl::HashAlgorithms::kMD5>;
+}
+}
+
+#endif // ZM_CRYPT_H
--- a/src/zm_crypto_generics.h
+++ b/src/zm_crypto_generics.h
@ -0,0 +1,102 @@
+/*
+ * This file is part of the ZoneMinder Project. See AUTHORS file for Copyright information
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ZONEMINDER_SRC_ZM_CRYPTO_GENERICS_H_
+#define ZONEMINDER_SRC_ZM_CRYPTO_GENERICS_H_
+
+#include "zm_define.h"
+#include "zm_utils.h"
+#include <array>
+#include <cstring>
+
+namespace zm {
+namespace crypto {
+namespace impl {
+
+enum class HashAlgorithms {
+  kMD5
+};
+
+template<HashAlgorithms Algorithm>
+struct HashAlgorithm;
+
+template<>
+struct HashAlgorithm<HashAlgorithms::kMD5> {
+  static constexpr size_t digest_length = 16;
+};
+
+template<typename Impl, HashAlgorithms Algorithm>
+class GenericHash {
+ public:
+  static constexpr size_t DIGEST_LENGTH = HashAlgorithm<Algorithm>::digest_length;
+  using Digest = std::array<uint8, DIGEST_LENGTH>;
+
+  static Digest GetDigestOf(uint8 const *data, size_t len) {
+    Impl hash;
+    hash.UpdateData(data, len);
+    hash.Finalize();
+    return hash.GetDigest();
+  }
+
+  template<typename... Ts>
+  static Digest GetDigestOf(Ts &&... pack) {
+    Impl hash;
+    UpdateData(hash, std::forward<Ts>(pack)...);
+    hash.Finalize();
+    return hash.GetDigest();
+  }
+
+  void UpdateData(const uint8 *data, size_t length) {
+    static_cast<Impl &>(*this).DoUpdateData(data, length);
+  }
+  void UpdateData(const std::string &str) {
+    UpdateData(reinterpret_cast<const uint8 *>(str.c_str()), str.size());
+  }
+  void UpdateData(const char *str) {
+    UpdateData(reinterpret_cast<const uint8 *>(str), strlen(str));
+  }
+  template<typename Container>
+  void UpdateData(Container const &c) {
+    UpdateData(ZM::data(c), ZM::size(c));
+  }
+
+  void Finalize() {
+    static_cast<Impl &>(*this).DoFinalize();
+  }
+
+  const Digest &GetDigest() const { return digest_; }
+
+ protected:
+  Digest digest_ = {};
+
+ private:
+  template<typename T>
+  static void UpdateData(Impl &hash, T const &data) {
+    hash.UpdateData(data);
+  }
+
+  template<typename T, typename... TRest>
+  static void UpdateData(Impl &hash, T const &data, TRest &&... rest) {
+    hash.UpdateData(data);
+    UpdateData(hash, std::forward<TRest>(rest)...);
+  }
+};
+}
+}
+}
+
+#endif //ZONEMINDER_SRC_ZM_CRYPTO_GENERICS_H_
--- a/src/zm_crypto_gnutls.h
+++ b/src/zm_crypto_gnutls.h
@ -0,0 +1,70 @@
+/*
+ * This file is part of the ZoneMinder Project. See AUTHORS file for Copyright information
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ZONEMINDER_SRC_ZM_CRYPTO_GNUTLS_H_
+#define ZONEMINDER_SRC_ZM_CRYPTO_GNUTLS_H_
+
+#ifdef HAVE_LIBGNUTLS
+
+#include "zm_crypto_generics.h"
+#include "zm_utils.h"
+#include <gnutls/crypto.h>
+
+namespace zm {
+namespace crypto {
+namespace impl {
+namespace gnutls {
+
+template<HashAlgorithms Algorithm>
+struct HashAlgorithmMapper;
+
+template<>
+struct HashAlgorithmMapper<HashAlgorithms::kMD5> {
+  static constexpr gnutls_digest_algorithm_t algorithm = GNUTLS_DIG_MD5;
+};
+
+template<HashAlgorithms Algorithm>
+class GenericHashImpl : public GenericHash<GenericHashImpl<Algorithm>, Algorithm> {
+ public:
+  GenericHashImpl() {
+    int32 ret = gnutls_hash_init(&handle_, HashAlgorithmMapper<Algorithm>::algorithm);
+    ASSERT(ret == 0);
+  };
+
+  void DoUpdateData(const uint8 *data, size_t length) {
+    int32 res = gnutls_hash(handle_, data, length);
+    ASSERT(res == 0);
+  }
+
+  void DoFinalize() {
+    gnutls_hash_deinit(handle_, digest_.data());
+  }
+
+ private:
+  gnutls_hash_hd_t handle_ = {};
+
+  using Base = GenericHash<GenericHashImpl<Algorithm>, Algorithm>;
+  using Base::digest_;
+};
+}
+}
+}
+}
+
+#endif // HAVE_LIBGNUTLS
+
+#endif // ZONEMINDER_SRC_ZM_CRYPTO_GNUTLS_H_
--- a/src/zm_crypto_openssl.h
+++ b/src/zm_crypto_openssl.h
@ -0,0 +1,94 @@
+/*
+ * This file is part of the ZoneMinder Project. See AUTHORS file for Copyright information
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ZONEMINDER_SRC_ZM_CRYPTO_OPENSSL_H_
+#define ZONEMINDER_SRC_ZM_CRYPTO_OPENSSL_H_
+
+#ifdef HAVE_LIBOPENSSL
+
+#include "zm_crypto_generics.h"
+#include "zm_utils.h"
+#include <openssl/evp.h>
+
+namespace zm {
+namespace crypto {
+namespace impl {
+namespace openssl {
+
+typedef EVP_MD const *(*HashCreator)();
+
+template<HashAlgorithms Algorithm>
+struct HashAlgorithmMapper;
+
+template<>
+struct HashAlgorithmMapper<HashAlgorithms::kMD5> {
+// TODO: Remove conditional once Jessie and CentOS 7 are deprecated
+// This is needed since GCC 4.8 is faulty (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60199)
+#if defined(__GNUC__) && __GNUC__ < 5
+  static HashCreator hash_creator() {
+    static constexpr HashCreator creator = EVP_md5;
+    return creator;
+  }
+#else
+  static constexpr HashCreator hash_creator = EVP_md5;
+#endif
+};
+
+template<HashAlgorithms Algorithm>
+class GenericHashImpl : public GenericHash<GenericHashImpl<Algorithm>, Algorithm> {
+ public:
+  GenericHashImpl() {
+    // TODO: Use EVP_MD_CTX_new once we drop support for Jessie and CentOS 7 (OpenSSL > 1.1.0)
+    ctx_ = EVP_MD_CTX_create();
+#if defined(__GNUC__) && __GNUC__ < 5
+    EVP_DigestInit_ex(ctx_, HashAlgorithmMapper<Algorithm>::hash_creator()(), nullptr);
+#else
+    EVP_DigestInit_ex(ctx_, HashAlgorithmMapper<Algorithm>::hash_creator(), nullptr);
+#endif
+  };
+
+  ~GenericHashImpl() {
+    // TODO: Use EVP_MD_CTX_free once we drop support for Jessie and CentOS 7 (OpenSSL > 1.1.0)
+    EVP_MD_CTX_destroy(ctx_);
+  }
+
+  void DoUpdateData(const uint8 *data, size_t length) {
+    int32 res = EVP_DigestUpdate(ctx_, data, length);
+    ASSERT(res == 1);
+  }
+
+  void DoFinalize() {
+    uint32 length = 0;
+    int32 res = EVP_DigestFinal_ex(ctx_, digest_.data(), &length);
+    ASSERT(res == 1);
+    ASSERT(length == HashAlgorithm<Algorithm>::digest_length);
+  }
+
+ private:
+  EVP_MD_CTX *ctx_;
+
+  using Base = GenericHash<GenericHashImpl<Algorithm>, Algorithm>;
+  using Base::digest_;
+};
+}
+}
+}
+}
+
+#endif // HAVE_LIBOPENSSL
+
+#endif // ZONEMINDER_SRC_ZM_CRYPTO_OPENSSL_H_
--- a/tests/zm_crypt.cpp
+++ b/tests/zm_crypt.cpp
@ -76,3 +76,52 @@ TEST_CASE("JWT validation") {
    REQUIRE(result.second == 0);
  }
 }
+
+TEST_CASE("zm::crypto::MD5") {
+  using namespace zm::crypto;
+  MD5 md5;
+
+  REQUIRE(md5.GetDigest() == MD5::Digest());
+
+  SECTION("hash from const char*") {
+    md5.UpdateData("abcdefghijklmnopqrstuvwxyz");
+    md5.Finalize();
+
+    REQUIRE(md5.GetDigest() == MD5::Digest{0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca,
+                                           0x67, 0xe1, 0x3b});
+  }
+
+  SECTION("hash from std::string") {
+    md5.UpdateData(std::string("abcdefghijklmnopqrstuvwxyz"));
+    md5.Finalize();
+
+    REQUIRE(md5.GetDigest() == MD5::Digest{0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca,
+                                           0x67, 0xe1, 0x3b});
+  }
+}
+
+TEST_CASE("zm::crypto::MD5::GetDigestOf") {
+  using namespace zm::crypto;
+  std::array<uint8, 3> data = {'a', 'b', 'c'};
+
+  SECTION("data and len") {
+    MD5::Digest digest = MD5::GetDigestOf(reinterpret_cast<const uint8 *>(data.data()), data.size());
+
+    REQUIRE(digest == MD5::Digest{0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1,
+                                  0x7f, 0x72});
+  }
+
+  SECTION("container") {
+    MD5::Digest digest = MD5::GetDigestOf(data);
+
+    REQUIRE(digest == MD5::Digest{0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1,
+                                  0x7f, 0x72});
+  }
+
+  SECTION("multiple containers") {
+    MD5::Digest digest = MD5::GetDigestOf(data, data);
+
+    REQUIRE(digest == MD5::Digest{0x44, 0x0a, 0xc8, 0x58, 0x92, 0xca, 0x43, 0xad, 0x26, 0xd4, 0x4c, 0x7a, 0xd9, 0xd4,
+                                  0x7d, 0x3e});
+  }
+}