diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2025-02-08 15:57:23 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2025-02-08 15:57:23 (GMT) |
| commit | 71d0b80eca2fd2aed5883e2a6a57cb8c03aa27ff (patch) | |
| tree | 74c9654c9c6d02059ba9aff4536ce0ea25e7763c /plugins/pychrysalide/core | |
| parent | c928f8abb669d37e77bd9056240074941a945bb9 (diff) | |
Introduce a secure storage.
Diffstat (limited to 'plugins/pychrysalide/core')
| -rw-r--r-- | plugins/pychrysalide/core/Makefile.am | 3 | ||||
| -rw-r--r-- | plugins/pychrysalide/core/module.c | 2 | ||||
| -rw-r--r-- | plugins/pychrysalide/core/secstorage.c | 465 | ||||
| -rw-r--r-- | plugins/pychrysalide/core/secstorage.h | 39 |
4 files changed, 508 insertions, 1 deletions
diff --git a/plugins/pychrysalide/core/Makefile.am b/plugins/pychrysalide/core/Makefile.am index 5588c9f..6ba9fc8 100644 --- a/plugins/pychrysalide/core/Makefile.am +++ b/plugins/pychrysalide/core/Makefile.am @@ -15,7 +15,8 @@ libpychrysacore_la_SOURCES = \ constants.h constants.c \ logs.h logs.c \ module.h module.c \ - nox.h nox.c + nox.h nox.c \ + secstorage.h secstorage.c libpychrysacore_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_INTERPRETER_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT diff --git a/plugins/pychrysalide/core/module.c b/plugins/pychrysalide/core/module.c index 4af0403..7eceddd 100644 --- a/plugins/pychrysalide/core/module.c +++ b/plugins/pychrysalide/core/module.c @@ -35,6 +35,7 @@ //#include "params.h" //#include "processors.h" //#include "queue.h" +#include "secstorage.h" #include "../helpers.h" @@ -110,6 +111,7 @@ bool populate_core_module(void) //if (result) result = populate_core_module_with_params(); //if (result) result = populate_core_module_with_processors(); //if (result) result = populate_core_module_with_queue(); + if (result) result = populate_core_module_with_secstorage(); assert(result); diff --git a/plugins/pychrysalide/core/secstorage.c b/plugins/pychrysalide/core/secstorage.c new file mode 100644 index 0000000..67779af --- /dev/null +++ b/plugins/pychrysalide/core/secstorage.c @@ -0,0 +1,465 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * secstorage.c - équivalent Python du fichier "core/secstorage.c" + * + * Copyright (C) 2025 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "secstorage.h" + + +#include <core/secstorage.h> + + +#include "../access.h" +#include "../convert.h" +#include "../helpers.h" + + + +/* Détermine si une clef de chiffrement protégée est en place. */ +static PyObject *py_secstorage_has_secret_storage_key(PyObject *, PyObject *); + +/* Définit un mot de passe pour protéger une clef maître. */ +static PyObject *py_secstorage_set_secret_storage_password(PyObject *, PyObject *); + +/* Détermine si la clef de chiffrement maître est vérouillée. */ +static PyObject *py_secstorage_is_secret_storage_locked(PyObject *, PyObject *); + +/* Déverrouille la clef de chiffrement maître. */ +static PyObject *py_secstorage_unlock_secret_storage(PyObject *, PyObject *); + +/* Verrouille la clef de chiffrement maître. */ +static PyObject *py_secstorage_lock_secret_storage(PyObject *, PyObject *); + +/* Chiffre des données avec la clef de chiffrement maître. */ +static PyObject *py_secstorage_encrypt_secret_storage_data(PyObject *, PyObject *); + +/* Déchiffre des données avec la clef de chiffrement maître. */ +static PyObject *py_secstorage_decrypt_secret_storage_data(PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Détermine si un mot de passe est actuellement en place. * +* * +* Retour : Bilan de l'analyse. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_has_secret_storage_key(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + GSettings *settings; /* Configuration à considérer */ + int ret; /* Bilan de lecture des args. */ + bool status; /* Bilan de situation */ + +#define SECSTORAGE_HAS_SECRET_STORAGE_KEY_METHOD PYTHON_METHOD_DEF \ +( \ + has_secret_storage_key, "/, settings=None", \ + METH_VARARGS, py_secstorage, \ + "Indicate if a master key used for protecting secrets seems to have"\ + " been defined.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default.\n" \ + "\n" \ + "The result is a boolean status: *True* if the master key seems" \ + " to exist, *False* otherwise." \ +) + + ret = PyArg_ParseTuple(args, "O&", convert_to_gsettings, &settings); + if (!ret) return NULL; + + status = has_secret_storage_key(settings); + + result = status ? Py_True : Py_False; + Py_INCREF(result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Définit un mot de passe pour protéger une clef maître. * +* * +* Retour : Bilan de la mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_set_secret_storage_password(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + GSettings *settings; /* Configuration à considérer */ + const char *passwd; /* Mot de passe associé */ + int ret; /* Bilan de lecture des args. */ + bool status; /* Bilan de situation */ + +#define SECSTORAGE_SET_SECRET_STORAGE_PASSWORD_METHOD PYTHON_METHOD_DEF \ +( \ + set_secret_storage_password, "/, settings=None, password=''", \ + METH_VARARGS, py_secstorage, \ + "Create a master key used for protecting secrets. This key is" \ + " itself protected by the provided password.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default. The supplied" \ + " *password* has to be a string.\n" \ + "\n" \ + "The result is a boolean status: *True* if the operation successed,"\ + " *False* otherwise." \ +) + + settings = NULL; + passwd = ""; + + ret = PyArg_ParseTuple(args, "|O&s", convert_to_gsettings, &settings, &passwd); + if (!ret) return NULL; + + status = set_secret_storage_password(settings, passwd); + + result = status ? Py_True : Py_False; + Py_INCREF(result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Détermine si la clef de chiffrement maître est vérouillée. * +* * +* Retour : Bilan de la détermination. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_is_secret_storage_locked(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + GSettings *settings; /* Configuration à considérer */ + int ret; /* Bilan de lecture des args. */ + bool status; /* Bilan de situation */ + +#define SECSTORAGE_IS_SECRET_STORAGE_LOCKED_METHOD PYTHON_METHOD_DEF \ +( \ + is_secret_storage_locked, "/, settings=None", \ + METH_VARARGS, py_secstorage, \ + "Indicate if the master key used for protecting secrets is" \ + " currently decrypted in memory.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default.\n" \ + "\n" \ + "The result is a boolean status: *True* if the master key is" \ + " unlocked and ready for use, *False* otherwise." \ +) + + settings = NULL; + + ret = PyArg_ParseTuple(args, "|O&", convert_to_gsettings, &settings); + if (!ret) return NULL; + + status = is_secret_storage_locked(settings); + + result = status ? Py_True : Py_False; + Py_INCREF(result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Déverrouille la clef de chiffrement maître. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_unlock_secret_storage(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + GSettings *settings; /* Configuration à considérer */ + const char *passwd; /* Mot de passe associé */ + int ret; /* Bilan de lecture des args. */ + bool status; /* Bilan de situation */ + +#define SECSTORAGE_UNLOCK_SECRET_STORAGE_METHOD PYTHON_METHOD_DEF \ +( \ + unlock_secret_storage, "/, settings=None, password=''", \ + METH_VARARGS, py_secstorage, \ + "Decrypt in memory the master key used for protecting secrets.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default. The supplied" \ + " *password* is the primary password used to protect this key.\n" \ + "\n" \ + "The result is a boolean status: *True* if the operation successed" \ + " or if the master key is already unlocked, *False* otherwise." \ +) + + settings = NULL; + passwd = ""; + + ret = PyArg_ParseTuple(args, "|O&s", convert_to_gsettings, &settings, &passwd); + if (!ret) return NULL; + + status = unlock_secret_storage(settings, passwd); + + result = status ? Py_True : Py_False; + Py_INCREF(result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Verrouille la clef de chiffrement maître. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_lock_secret_storage(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + GSettings *settings; /* Configuration à considérer */ + int ret; /* Bilan de lecture des args. */ + +#define SECSTORAGE_LOCK_SECRET_STORAGE_METHOD PYTHON_METHOD_DEF \ +( \ + lock_secret_storage, "/, settings=None", \ + METH_VARARGS, py_secstorage, \ + "Clear from memory the master key used for protecting secrets.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default." \ +) + + settings = NULL; + + ret = PyArg_ParseTuple(args, "|O&", convert_to_gsettings, &settings); + if (!ret) return NULL; + + lock_secret_storage(settings); + + result = Py_None; + Py_INCREF(result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Chiffre des données avec la clef de chiffrement maître. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_encrypt_secret_storage_data(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + const char *data_in; /* Données d'entrée à chiffrer */ + Py_ssize_t size_in; /* Quantité de ces données */ + GSettings *settings; /* Configuration à considérer */ + int ret; /* Bilan de lecture des args. */ + sized_binary_t in; /* Données à chiffer */ + bool status; /* Bilan de situation */ + sized_binary_t out; /* Données chiffrées */ + +#define SECSTORAGE_ENCRYPT_SECRET_STORAGE_DATA_METHOD PYTHON_METHOD_DEF \ +( \ + encrypt_secret_storage_data, "data, /, settings=None", \ + METH_VARARGS, py_secstorage, \ + "Encrypt data using an unlocked the master key.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default." \ + "\n" \ + "The result is either encrypted data as bytes in case of success," \ + " or *None* in case of failure." \ +) + + settings = NULL; + + ret = PyArg_ParseTuple(args, "s#|O&", &data_in, &size_in, convert_to_gsettings, &settings); + if (!ret) return NULL; + + in.static_data = data_in; + in.size = size_in; + + status = encrypt_secret_storage_data(settings, &in, &out); + + if (status) + { + result = PyBytes_FromStringAndSize(out.static_data, out.size); + exit_sized_binary(&out); + } + + else + { + result = Py_None; + Py_INCREF(result); + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = arguments fournis à l'appel. * +* * +* Description : Déchiffre des données avec la clef de chiffrement maître. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_secstorage_decrypt_secret_storage_data(PyObject *self, PyObject *args) +{ + PyObject *result; /* Conversion à retourner */ + const char *data_in; /* Données d'entrée à chiffrer */ + Py_ssize_t size_in; /* Quantité de ces données */ + GSettings *settings; /* Configuration à considérer */ + int ret; /* Bilan de lecture des args. */ + sized_binary_t in; /* Données à chiffer */ + bool status; /* Bilan de situation */ + sized_binary_t out; /* Données chiffrées */ + +#define SECSTORAGE_DECRYPT_SECRET_STORAGE_DATA_METHOD PYTHON_METHOD_DEF \ +( \ + decrypt_secret_storage_data, "data, /, settings=None", \ + METH_VARARGS, py_secstorage, \ + "Decrypt data using an unlocked the master key.\n" \ + "\n" \ + "The *settings* arguement must point to a GSettings intance; the" \ + " main configuration settings are used by default." \ + "\n" \ + "The result is either decrypted data as bytes in case of success," \ + " or *None* in case of failure." \ +) + + settings = NULL; + + ret = PyArg_ParseTuple(args, "s#|O&", &data_in, &size_in, convert_to_gsettings, &settings); + if (!ret) return NULL; + + in.static_data = data_in; + in.size = size_in; + + status = decrypt_secret_storage_data(settings, &in, &out); + + if (status) + { + result = PyBytes_FromStringAndSize(out.static_data, out.size); + exit_sized_binary(&out); + } + + else + { + result = Py_None; + Py_INCREF(result); + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Définit une extension du module 'core' à compléter. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool populate_core_module_with_secstorage(void) +{ + bool result; /* Bilan à retourner */ + PyObject *module; /* Module à recompléter */ + + static PyMethodDef py_secstorage_methods[] = { + SECSTORAGE_HAS_SECRET_STORAGE_KEY_METHOD, + SECSTORAGE_SET_SECRET_STORAGE_PASSWORD_METHOD, + SECSTORAGE_IS_SECRET_STORAGE_LOCKED_METHOD, + SECSTORAGE_UNLOCK_SECRET_STORAGE_METHOD, + SECSTORAGE_LOCK_SECRET_STORAGE_METHOD, + SECSTORAGE_ENCRYPT_SECRET_STORAGE_DATA_METHOD, + SECSTORAGE_DECRYPT_SECRET_STORAGE_DATA_METHOD, + { NULL } + }; + + module = get_access_to_python_module("pychrysalide.core"); + + result = register_python_module_methods(module, py_secstorage_methods); + + return result; + +} diff --git a/plugins/pychrysalide/core/secstorage.h b/plugins/pychrysalide/core/secstorage.h new file mode 100644 index 0000000..d05d052 --- /dev/null +++ b/plugins/pychrysalide/core/secstorage.h @@ -0,0 +1,39 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * secstorage.h - prototypes pour l'équivalent Python du fichier "core/secstorage.h" + * + * Copyright (C) 2025 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSALIDE_CORE_SECSTORAGE_H +#define _PLUGINS_PYCHRYSALIDE_CORE_SECSTORAGE_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Définit une extension du module 'core' à compléter. */ +bool populate_core_module_with_secstorage(void); + + + +#endif /* _PLUGINS_PYCHRYSALIDE_CORE_SECSTORAGE_H */ |