Merge branch 'salt'

2017-06-20 17:47:05 -04:00 · 2017-06-20 17:47:05 -04:00 · 742ccf02a7
commit 742ccf02a7
parent 6616315269 9f526be198
5 changed files with 167 additions and 3 deletions
--- a/src/modules/users/CMakeLists.txt
+++ b/src/modules/users/CMakeLists.txt
@ -1,8 +1,16 @@
-include_directories( ${PROJECT_BINARY_DIR}/src/libcalamaresui )
+find_package(ECM 5.10.0 NO_MODULE)
+if( ECM_FOUND )
+    set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${CMAKE_MODULE_PATH})
+    include( ECMAddTests )
+endif()
+
+find_package( Qt5 COMPONENTS Core Test REQUIRED )

 list( APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMakeModules" )
 find_package( Crypt )

+include_directories( ${PROJECT_BINARY_DIR}/src/libcalamaresui )
+
 calamares_add_plugin( users
    TYPE viewmodule
    EXPORT_MACRO PLUGINDLLEXPORT_PRO
@ -21,3 +29,18 @@ calamares_add_plugin( users
        ${CRYPT_LIBRARIES}
    SHARED_LIB
 )
+
+if( ECM_FOUND )
+    ecm_add_test(
+            PasswordTests.cpp
+            SetPasswordJob.cpp
+        TEST_NAME
+            passwordtest
+        LINK_LIBRARIES
+            ${CALAMARES_LIBRARIES}
+            Qt5::Core
+            Qt5::Test
+            ${CRYPT_LIBRARIES}
+    )
+    set_target_properties( passwordtest PROPERTIES AUTOMOC TRUE )
+endif()
--- a/src/modules/users/PasswordTests.cpp
+++ b/src/modules/users/PasswordTests.cpp
@ -0,0 +1,54 @@
+/* === This file is part of Calamares - <http://github.com/calamares> ===
+ *
+ *   Copyright 2017, Adriaan de Groot <groot@kde.org>
+ *
+ *   Calamares is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   Calamares is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "SetPasswordJob.h"
+
+#include "PasswordTests.h"
+
+#include <QtTest/QtTest>
+
+QTEST_GUILESS_MAIN( PasswordTests )
+
+PasswordTests::PasswordTests()
+{
+}
+
+PasswordTests::~PasswordTests()
+{
+}
+
+void
+PasswordTests::initTestCase()
+{
+}
+
+void
+PasswordTests::testSalt()
+{
+    QString s = SetPasswordJob::make_salt( 8 );
+    QCOMPARE( s.length(), 4 + 8 ); // 8 salt chars, plus $6$, plus trailing $
+    QVERIFY( s.startsWith( "$6$" ) );
+    QVERIFY( s.endsWith( '$' ) );
+    qDebug() << "Obtained salt" << s;
+
+    s = SetPasswordJob::make_salt( 11 );
+    QCOMPARE( s.length(), 4 + 11 );
+    QVERIFY( s.startsWith( "$6$" ) );
+    QVERIFY( s.endsWith( '$' ) );
+    qDebug() << "Obtained salt" << s;
+}
--- a/src/modules/users/PasswordTests.h
+++ b/src/modules/users/PasswordTests.h
@ -0,0 +1,36 @@
+/* === This file is part of Calamares - <http://github.com/calamares> ===
+ *
+ *   Copyright 2017, Adriaan de Groot <groot@kde.org>
+ *
+ *   Calamares is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   Calamares is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef PASSWORDTESTS_H
+#define PASSWORDTESTS_H
+
+#include <QObject>
+
+class PasswordTests : public QObject
+{
+    Q_OBJECT
+public:
+    PasswordTests();
+    ~PasswordTests() override;
+
+private Q_SLOTS:
+    void initTestCase();
+    void testSalt();
+};
+
+#endif
--- a/src/modules/users/SetPasswordJob.cpp
+++ b/src/modules/users/SetPasswordJob.cpp
@ -1,6 +1,7 @@
 /* === This file is part of Calamares - <http://github.com/calamares> ===
 *
 *   Copyright 2014-2017, Teo Mrnjavac <teo@kde.org>
+ *   Copyright 2017, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@ -25,6 +26,7 @@

 #include <QDir>

+#include <random>
 #include <crypt.h>


@ -50,6 +52,53 @@ SetPasswordJob::prettyStatusMessage() const
 }


+/// Returns a modular hashing salt for method 6 (SHA512) with a 16 character random salt.
+QString
+SetPasswordJob::make_salt(size_t length)
+{
+    Q_ASSERT(length >= 8);
+    Q_ASSERT(length <= 128);
+
+    static const char salt_chars[] = {
+        '.', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B',
+        'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+        'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
+        'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
+        's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
+
+    static_assert( sizeof(salt_chars) == 64, "Missing salt_chars");
+
+    std::random_device r;
+    std::seed_seq seed{r(), r(), r(), r(), r(), r(), r(), r()};
+    std::mt19937_64 twister(seed);
+
+    std::uint64_t next;
+    size_t current_length = 0;
+
+    QString salt_string;
+    salt_string.reserve(length + 10);
+
+    while ( current_length < length )
+    {
+        next = twister();
+        // In 64 bits, we have 10 blocks of 6 bits; map each block of 6 bits
+        // to a single salt character.
+        for ( unsigned int char_count = 0; char_count < 10; ++char_count )
+        {
+            char c = salt_chars[next & 0b0111111];
+            next >>= 6;
+            salt_string.append( c );
+            if (++current_length >= length)
+                break;
+        }
+    }
+
+    salt_string.truncate( length );
+    salt_string.insert( 0, "$6$" );
+    salt_string.append( '$' );
+    return salt_string;
+}
+
 Calamares::JobResult
 SetPasswordJob::exec()
 {
@ -75,8 +124,7 @@ SetPasswordJob::exec()

    QString encrypted = QString::fromLatin1(
                            crypt( m_newPassword.toUtf8(),
-                                   QString( "$6$%1$" )
-                                .arg( m_userName ).toUtf8() ) );
+                                   make_salt( 16 ).toUtf8() ) );

    int ec = CalamaresUtils::System::instance()->
                          targetEnvCall( { "usermod",
--- a/src/modules/users/SetPasswordJob.h
+++ b/src/modules/users/SetPasswordJob.h
@ -1,6 +1,7 @@
 /* === This file is part of Calamares - <http://github.com/calamares> ===
 *
 *   Copyright 2014-2015, Teo Mrnjavac <teo@kde.org>
+ *   Copyright 2017, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@ -32,6 +33,8 @@ public:
    QString prettyStatusMessage() const override;
    Calamares::JobResult exec() override;

+    static QString make_salt(size_t length);
+
 private:
    QString m_userName;
    QString m_newPassword;