Move password functions to libcommon.

.github/workflows/mosquitto-make-asan.yml

@@ -45,4 +45,4 @@ jobs:
     -
       name: make test
       run: |
-        make WITH_ASAN=yes ptest
+        make WITH_ASAN=yes test

.github/workflows/mosquitto-make.yml

@@ -40,8 +40,8 @@ jobs:
         submodules: 'true'
     -
       name: make
-      run: make ALLOC_MISMATCH_ABORT=yes
+      run: make
     -
       name: make test
       run: |
-        make ALLOC_MISMATCH_ABORT=yes ptest
+        make test

apps/mosquitto_ctrl/CMakeLists.txt

@@ -10,7 +10,6 @@ if(WITH_TLS)
 		../mosquitto_passwd/get_password.c ../mosquitto_passwd/get_password.h
 		options.c
 		../../common/json_help.c ../../common/json_help.h
-		../../common/password_mosq.c ../../common/password_mosq.h
 	)
 
 	target_include_directories(mosquitto_ctrl PRIVATE
@@ -46,13 +45,6 @@ if(WITH_TLS)
 		endif()
 	endif()
 
-	if(ARGON2_FOUND)
-		target_link_libraries(mosquitto_ctrl
-			PRIVATE
-				argon2
-		)
-	endif()
-
 	target_link_libraries(mosquitto_ctrl
 	  PRIVATE
 	  	common-options

apps/mosquitto_ctrl/Makefile

@@ -6,7 +6,7 @@ include ${R}/config.mk
 LOCAL_CFLAGS+=
 LOCAL_CPPFLAGS+=-I${R}/lib -I${R}/apps/mosquitto_passwd -I${R}/plugins/dynamic-security -I${R}/common
 LOCAL_LDFLAGS+=
-LOCAL_LDADD+=-lcjson -ldl ${LIBMOSQ} ${LIBMOSQ_COMMON} ${LIB_ARGON2}
+LOCAL_LDADD+=-lcjson -ldl ${LIBMOSQ} ${LIBMOSQ_COMMON}
 
 # ------------------------------------------
 #  Compile time options
@@ -34,8 +34,7 @@ OBJS= \
 
 OBJS_EXTERNAL= \
 	get_password.o \
-	json_help.o \
-	password_mosq.o
+	json_help.o
 
 EXAMPLE_OBJS= example.o
 
@@ -65,9 +64,6 @@ get_password.o : ${R}/apps/mosquitto_passwd/get_password.c ${R}/apps/mosquitto_p
 json_help.o : ${R}/common/json_help.c ${R}/common/json_help.h
 	${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
 
-password_mosq.o : ${R}/common/password_mosq.c ${R}/common/password_mosq.h
-	${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
-
 ${R}/lib/libmosquitto.so.${SOVERSION} :
 	$(MAKE) -C ${R}/lib
 

apps/mosquitto_ctrl/dynsec.c

@@ -33,7 +33,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
 #include "mosquitto_ctrl.h"
 #include "mosquitto.h"
 #include "json_help.h"
-#include "password_mosq.h"
 #include "get_password.h"
 
 #define MAX_STRING_LEN 4096
@@ -561,16 +560,16 @@ static cJSON *init_add_role(const char *rolename)
 static cJSON *init_add_client(const char *username, const char *password, const char *rolename)
 {
 	cJSON *j_client, *j_roles, *j_role;
-	struct mosquitto_pw pw;
+	struct mosquitto_pw *pw;
 
-	memset(&pw, 0, sizeof(pw));
-
-	if(pw__create(&pw, password) != MOSQ_ERR_SUCCESS){
+	if(mosquitto_pw_new(&pw, MOSQ_PW_DEFAULT) || mosquitto_pw_hash_encoded(pw, password)){
+		mosquitto_pw_cleanup(pw);
 		return NULL;
 	}
 
 	j_client = cJSON_CreateObject();
 	if(j_client == NULL){
+		mosquitto_pw_cleanup(pw);
 		return NULL;
 	}
 
@@ -579,38 +578,16 @@ static cJSON *init_add_client(const char *username, const char *password, const
 			){
 
 		cJSON_Delete(j_client);
+		mosquitto_pw_cleanup(pw);
 		return NULL;
 	}
 
-	if(pw.hashtype == pw_sha512_pbkdf2){
-		char *salt_b64 = NULL, *password_b64 = NULL;
-
-		if(mosquitto_base64_encode(pw.params.sha512_pbkdf2.salt, pw.params.sha512_pbkdf2.salt_len, &salt_b64)
-				|| mosquitto_base64_encode(pw.params.sha512_pbkdf2.password_hash, sizeof(pw.params.sha512_pbkdf2.password_hash), &password_b64)
-				|| cJSON_AddStringToObject(j_client, "salt", salt_b64) == NULL
-				|| cJSON_AddStringToObject(j_client, "password", password_b64) == NULL
-				|| cJSON_AddNumberToObject(j_client, "iterations", pw.params.sha512_pbkdf2.iterations) == NULL){
-
-			cJSON_Delete(j_client);
-			free(password_b64);
-			free(salt_b64);
-			return NULL;
-		}
-		free(password_b64);
-		free(salt_b64);
-	}else{
-		if(pw__encode(&pw) != MOSQ_ERR_SUCCESS){
-			cJSON_Delete(j_client);
-			return NULL;
-		}
-
-		if(cJSON_AddStringToObject(j_client, "encoded_password", pw.encoded_password) == NULL){
-			free(pw.encoded_password);
-			cJSON_Delete(j_client);
-			return NULL;
-		}
-		free(pw.encoded_password);
+	if(cJSON_AddStringToObject(j_client, "encoded_password", mosquitto_pw_get_encoded(pw)) == NULL){
+		cJSON_Delete(j_client);
+		mosquitto_pw_cleanup(pw);
+		return NULL;
 	}
+	mosquitto_pw_cleanup(pw);
 
 	j_roles = cJSON_CreateArray();
 	if(j_roles == NULL){

apps/mosquitto_ctrl/dynsec_client.c

@@ -24,7 +24,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
 #include "mosquitto_ctrl.h"
 #include "get_password.h"
 #include "json_help.h"
-#include "password_mosq.h"
 #include "dynamic_security.h"
 
 int dynsec_client__create(int argc, char *argv[], cJSON *j_command)
@@ -161,6 +160,7 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
 	struct dynsec__client client;
 	char *json_str;
 	int i;
+	int iterations = -1;
 
 	memset(&client, 0, sizeof(client));
 
@@ -176,7 +176,7 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
 				fprintf(stderr, "Error: -i argument given, but no iterations provided.\n");
 				return MOSQ_ERR_INVAL;
 			}
-			client.pw.params.sha512_pbkdf2.iterations = atoi(argv[i+1]);
+			iterations = atoi(argv[i+1]);
 			i++;
 		}else{
 			fprintf(stderr, "Error: Unknown argument: %s\n", argv[i]);
@@ -231,89 +231,50 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
 			const char *username_json;
 			if(json_get_string(j_client, "username", &username_json, false) == MOSQ_ERR_SUCCESS){
 				if(!strcmp(username_json, username)){
-					if(pw__create(&client.pw, password)){
+					if(iterations == -1){
+						mosquitto_pw_new(&client.pw, MOSQ_PW_DEFAULT);
+					}else{
+						mosquitto_pw_new(&client.pw, MOSQ_PW_SHA512_PBKDF2);
+						mosquitto_pw_set_param(client.pw, MOSQ_PW_PARAM_ITERATIONS, iterations);
+					}
+					if(!client.pw || mosquitto_pw_hash_encoded(client.pw, password)){
+						cJSON_Delete(j_tree);
+						mosquitto_pw_cleanup(client.pw);
+						client.pw = NULL;
 						fprintf(stderr, "Error: Problem generating password hash.\n");
 						return MOSQ_ERR_NOMEM;
 					}
 
-					if(client.pw.hashtype == pw_sha512_pbkdf2){
-						char *password_b64, *salt_b64;
-						cJSON *j_password = NULL, *j_salt = NULL, *j_iterations = NULL;
-
-						if(mosquitto_base64_encode(client.pw.params.sha512_pbkdf2.password_hash, sizeof(client.pw.params.sha512_pbkdf2.password_hash), &password_b64) != MOSQ_ERR_SUCCESS){
-							fprintf(stderr, "Error: Problem generating password hash.\n");
-							pw__cleanup(&client.pw);
-							return MOSQ_ERR_NOMEM;
-						}
-						if(mosquitto_base64_encode(client.pw.params.sha512_pbkdf2.salt, client.pw.params.sha512_pbkdf2.salt_len, &salt_b64) != MOSQ_ERR_SUCCESS){
-							pw__cleanup(&client.pw);
-							free(password_b64);
-							fprintf(stderr, "Error: Problem generating password hash.\n");
-							return MOSQ_ERR_NOMEM;
-						}
-						if((j_password = cJSON_CreateString(password_b64)) == NULL
-								|| (j_salt = cJSON_CreateString(salt_b64)) == NULL
-								|| (j_iterations = cJSON_CreateNumber(client.pw.params.sha512_pbkdf2.iterations)) == NULL
-								){
-
-							pw__cleanup(&client.pw);
-							free(password_b64);
-							free(salt_b64);
-							fprintf(stderr, "Error: Out of memory.\n");
-							return MOSQ_ERR_NOMEM;
-						}
-						free(password_b64);
-						free(salt_b64);
-
-						cJSON_DeleteItemFromObject(j_client, "password");
-						cJSON_DeleteItemFromObject(j_client, "salt");
-						cJSON_DeleteItemFromObject(j_client, "iterations");
-						cJSON_DeleteItemFromObject(j_client, "encoded_password");
-
-						cJSON_AddItemToObject(j_client, "password", j_password);
-						cJSON_AddItemToObject(j_client, "salt", j_salt);
-						cJSON_AddItemToObject(j_client, "iterations", j_iterations);
-						j_password = NULL;
-						j_salt = NULL;
-						j_iterations = NULL;
-					}else{
-						if(pw__encode(&client.pw)){
-							fprintf(stderr, "Error: Out of memory.\n");
-							pw__cleanup(&client.pw);
-							return MOSQ_ERR_NOMEM;
-						}
-						cJSON *j_encoded_password = cJSON_CreateString(client.pw.encoded_password);
-						if(!j_encoded_password){
-							fprintf(stderr, "Error: Out of memory.\n");
-							pw__cleanup(&client.pw);
-							return MOSQ_ERR_NOMEM;
-						}
-
-						cJSON_DeleteItemFromObject(j_client, "password");
-						cJSON_DeleteItemFromObject(j_client, "salt");
-						cJSON_DeleteItemFromObject(j_client, "iterations");
-						cJSON_DeleteItemFromObject(j_client, "encoded_password");
-						cJSON_AddItemToObject(j_client, "encoded_password", j_encoded_password);
+					cJSON *j_encoded_password = cJSON_CreateString(mosquitto_pw_get_encoded(client.pw));
+					if(!j_encoded_password){
+						fprintf(stderr, "Error: Out of memory.\n");
+						cJSON_Delete(j_tree);
+						mosquitto_pw_cleanup(client.pw);
+						return MOSQ_ERR_NOMEM;
 					}
+					mosquitto_pw_cleanup(client.pw);
+
+					cJSON_DeleteItemFromObject(j_client, "password");
+					cJSON_DeleteItemFromObject(j_client, "salt");
+					cJSON_DeleteItemFromObject(j_client, "iterations");
+					cJSON_DeleteItemFromObject(j_client, "encoded_password");
+					cJSON_AddItemToObject(j_client, "encoded_password", j_encoded_password);
 
 					json_str = cJSON_Print(j_tree);
 					cJSON_Delete(j_tree);
 					if(json_str == NULL){
 						fprintf(stderr, "Error: Out of memory.\n");
-						pw__cleanup(&client.pw);
 						return MOSQ_ERR_NOMEM;
 					}
 					fptr = fopen(file, "wb");
 					if(fptr == NULL){
 						fprintf(stderr, "Error: Unable to write to %s.\n", file);
 						free(json_str);
-						pw__cleanup(&client.pw);
 						return MOSQ_ERR_UNKNOWN;
 					}
 					fprintf(fptr, "%s", json_str);
 					free(json_str);
 					fclose(fptr);
-					pw__cleanup(&client.pw);
 					return MOSQ_ERR_SUCCESS;
 				}
 			}

apps/mosquitto_ctrl/dynsec_group.c

@@ -25,7 +25,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
 #include "mosquitto.h"
 #include "mosquitto_ctrl.h"
 #include "json_help.h"
-#include "password_mosq.h"
 
 int dynsec_group__create(int argc, char *argv[], cJSON *j_command)
 {

apps/mosquitto_ctrl/dynsec_role.c

@@ -29,7 +29,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
 #include "mosquitto.h"
 #include "mosquitto_ctrl.h"
 #include "json_help.h"
-#include "password_mosq.h"
 
 int dynsec_role__create(int argc, char *argv[], cJSON *j_command)
 {

apps/mosquitto_passwd/CMakeLists.txt

@@ -2,7 +2,6 @@ if(WITH_TLS)
 	add_executable(mosquitto_passwd
 		mosquitto_passwd.c
 		get_password.c get_password.h
-		../../common/password_mosq.c ../../common/password_mosq.h
 	)
 
 	target_include_directories(mosquitto_passwd PRIVATE
@@ -13,13 +12,6 @@ if(WITH_TLS)
 		"${mosquitto_SOURCE_DIR}/src"
 	)
 
-	if(ARGON2_FOUND)
-		target_link_libraries(mosquitto_passwd
-			PRIVATE
-				argon2
-		)
-	endif()
-
     target_link_libraries(mosquitto_passwd
 	  PRIVATE
 	  	common-options

apps/mosquitto_passwd/Makefile

@@ -4,16 +4,15 @@ include ${R}/config.mk
 LOCAL_CFLAGS+=
 LOCAL_CPPFLAGS+=-I${R}/lib
 LOCAL_LDFLAGS+=
-LOCAL_LDADD+=-lcrypto ${LIB_ARGON2} ${LIBMOSQ_COMMON}
+LOCAL_LDADD+=-lcrypto ${LIBMOSQ_COMMON}
 
 .PHONY: all install uninstall clean reallyclean
 
 OBJS= \
 	mosquitto_passwd.o \
 	get_password.o \
 
-OBJS_EXTERNAL= \
-	password_mosq.o
+OBJS_EXTERNAL=
 
 
 ifeq ($(WITH_TLS),yes)
@@ -35,9 +34,6 @@ mosquitto_passwd.a : ${OBJS} ${OBJS_EXTERNAL}
 ${OBJS} : %.o: %.c
 	${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
 
-password_mosq.o : ${R}/common/password_mosq.c ${R}/common/password_mosq.h
-	${CROSS_COMPILE}${CC} ${LOCAL_CPPFLAGS} $(LOCAL_CFLAGS) -c $< -o $@
-
 install : all
 ifeq ($(WITH_TLS),yes)
 	$(INSTALL) -d "${DESTDIR}$(prefix)/bin"