search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add configuration parameter "tls_dh_params_file".
[libpwmd.git] / src / cache.c
blob5000274bbb8d427039df2684197f94a4da4240dc
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
3 2016
4 Ben Kibbey <bjk@luxsci.net>
5
6 This file is part of pwmd.
7
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
12
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 */
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24
25 #include <stdio.h>
26 #include <unistd.h>
27 #include <pthread.h>
28 #include <ctype.h>
29 #include <errno.h>
30
31 #include "pwmd-error.h"
32 #include <gcrypt.h>
33 #include "mutex.h"
34 #include "cache.h"
35 #include "status.h"
36 #include "mem.h"
37 #include "util-misc.h"
38 #include "util-string.h"
39 #include "agent.h"
40
41 #ifdef HAVE_TIME_H
42 #include <time.h>
43 #endif
44
45 static pthread_mutex_t cache_mutex;
46 static struct slist_s *key_cache;
47 static unsigned char *cache_iv;
48 static unsigned char *cache_key;
49 static size_t cache_blocksize;
50 static size_t cache_keysize;
51 struct agent_s *cache_agent;
52
53 extern void log_write (const char *fmt, ...);
54
55 static gpg_error_t clear_once (file_cache_t * p, int agent);
56 static int remove_entry (const char *);
57 static void free_entry (file_cache_t * p, int agent);
58
59 static file_cache_t *
60 get_entry (const char *filename)
61 {
62 int t = slist_length (key_cache);
63 int i;
64
65 if (!filename)
66 return NULL;
67
68 for (i = 0; i < t; i++)
69 {
70 file_cache_t *p = slist_nth_data (key_cache, i);
71
72 if (!strcmp (p->filename, filename))
73 return p;
74 }
75
76 return NULL;
77 }
78
79 gpg_error_t
80 cache_lock_mutex (void *ctx, const char *filename, long lock_timeout, int add,
81 int timeout)
82 {
83 MUTEX_LOCK (&cache_mutex);
84 gpg_error_t rc = 0;
85 file_cache_t *p = get_entry (filename);
86
87 if (p)
88 {
89 MUTEX_UNLOCK (&cache_mutex);
90 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
91 }
92 else if (add)
93 {
94 rc = cache_add_file (filename, NULL, timeout);
95 if (!rc)
96 {
97 p = get_entry (filename);
98 MUTEX_UNLOCK (&cache_mutex);
99 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
100 }
101 else
102 {
103 MUTEX_UNLOCK (&cache_mutex);
104 }
105 }
106 else
107 {
108 MUTEX_UNLOCK (&cache_mutex);
109 }
110
111 return !p && !rc ? GPG_ERR_NO_DATA : rc;
112 }
113
114 static int
115 remove_entry (const char *filename)
116 {
117 MUTEX_LOCK (&cache_mutex);
118 file_cache_t *p = get_entry (filename);
119
120 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
121 if (p)
122 {
123 /* Keep a refcount because another client maybe editing this same new
124 * file. The entry needs to be kept in case the other client SAVE's.
125 */
126 p->refcount--;
127 if (!p->refcount)
128 free_entry (p, 0);
129 }
130
131 pthread_cleanup_pop (1);
132 return p ? 1 : 0;
133 }
134
135 static gpg_error_t
136 free_cache_data (file_cache_t * cache)
137 {
138 gpg_error_t rc = GPG_ERR_NO_DATA;
139 int i, t;
140 struct client_thread_s *found = NULL;
141 int self = 0;
142
143 if (!cache->data)
144 return 0;
145
146 cache_lock ();
147 MUTEX_LOCK (&cn_mutex);
148 pthread_cleanup_push (cleanup_mutex_cb, &cn_mutex);
149 t = slist_length (cn_thread_list);
150
151 for (i = 0; i < t; i++)
152 {
153 struct client_thread_s *thd = slist_nth_data (cn_thread_list, i);
154
155 if (!thd->cl)
156 continue;
157
158 self = pthread_equal (pthread_self (), thd->tid);
159
160 if (thd->cl->filename && !strcmp (thd->cl->filename, cache->filename))
161 {
162 if (self)
163 {
164 found = thd;
165 continue;
166 }
167
168 /* Continue trying to find a client who has the same file open and
169 * also has a lock. */
170 rc = cache_lock_mutex (thd->cl->ctx, thd->cl->filename, -1, 0, -1);
171 if (!rc)
172 {
173 found = thd;
174 break;
175 }
176 }
177 }
178
179 if (self && (!rc || rc == GPG_ERR_NO_DATA) && found)
180 rc = cache_lock_mutex (found->cl->ctx, found->cl->filename, -1, 0, -1);
181
182 if (exiting || !rc || rc == GPG_ERR_NO_DATA)
183 {
184 free_cache_data_once (cache->data);
185 cache->data = NULL;
186 cache->defer_clear = 0;
187 cache->timeout = -1;
188
189 if (found)
190 cache_unlock_mutex (found->cl->filename, 0);
191
192 rc = 0;
193 }
194
195 if (rc)
196 cache->defer_clear = 1;
197
198 pthread_cleanup_pop (1);
199 cache_unlock ();
200 return rc;
201 }
202
203 gpg_error_t
204 cache_unlock_mutex (const char *filename, int remove)
205 {
206 MUTEX_LOCK (&cache_mutex);
207 file_cache_t *p = get_entry (filename);
208
209 if (p)
210 {
211 MUTEX_UNLOCK (p->mutex);
212 if (remove)
213 remove_entry (filename);
214 }
215
216 MUTEX_UNLOCK (&cache_mutex);
217 return p ? 0 : GPG_ERR_NO_DATA;
218 }
219
220 static gpg_error_t
221 test_agent_cache_once (file_cache_t *p, const char *grip)
222 {
223 gpg_error_t rc;
224 char *line;
225
226 rc = agent_command (cache_agent, &line, NULL, "KEYINFO --data %s", grip);
227 if (!rc)
228 {
229 char **fields = str_split (line, " ", 0);
230
231 /* Smartcard. */
232 if (*fields[1] == 'T')
233 rc = GPG_ERR_NO_DATA;
234 else
235 rc = isdigit (*fields[4]) || *fields[5] == 'C' ? 0 : GPG_ERR_NO_DATA;
236
237 strv_free (fields);
238 xfree (line);
239 }
240
241 return rc;
242 }
243
244 /* Test each keygrip in data->(sig)grip for gpg-agent cache status. The file is
245 * considered cached if at least one grip is cached in the agent or one siggrip
246 * is cached in the case of 'sign'.
247 */
248 static gpg_error_t
249 test_agent_cache (file_cache_t *data, int sign)
250 {
251 gpg_error_t rc = 0;
252 char **p;
253
254 if ((!data->grip && !sign) || (!data->siggrip && sign))
255 return GPG_ERR_NO_DATA;
256
257 for (p = data->grip; !sign && p && *p; p++)
258 {
259 rc = test_agent_cache_once (data, *p);
260 if (!rc || rc != GPG_ERR_NO_DATA)
261 break;
262 }
263
264 if (!rc && sign)
265 {
266 for (p = data->siggrip; p && *p; p++)
267 {
268 rc = test_agent_cache_once (data, *p);
269 if (!rc || rc != GPG_ERR_NO_DATA)
270 break;
271 }
272 }
273
274 return rc;
275 }
276
277 static gpg_error_t
278 extract_keygrip_once (struct crypto_s *crypto, char **keyids, int sign,
279 char ***dst)
280 {
281 gpgme_key_t *result;
282 gpgme_error_t rc;
283 int i;
284 char **grips = NULL;
285
286 rc = crypto_list_keys (crypto, keyids, sign, &result);
287 if (rc)
288 return rc;
289
290 for (i = 0; result[i]; i++)
291 {
292 gpgme_subkey_t s;
293
294 for (s = result[i]->subkeys; s; s = s->next)
295 {
296 char **k;
297
298 if (sign && !s->can_sign)
299 continue;
300
301 for (k = keyids; *k; k++)
302 {
303 if (!strcmp (*k, s->keyid) && s->keygrip)
304 {
305 char **tmp;
306 size_t len = strv_length (grips);
307
308 tmp = xrealloc (grips, len+2 * sizeof (char *));
309 if (!tmp)
310 {
311 rc = GPG_ERR_ENOMEM;
312 break;
313 }
314
315 grips = tmp;
316 grips[len] = str_dup (s->keygrip);
317 if (!grips[len])
318 {
319 rc = GPG_ERR_ENOMEM;
320 break;
321 }
322
323 grips[++len] = NULL;
324 }
325 }
326 }
327 }
328
329 if (!rc)
330 {
331 strv_free (*dst);
332 *dst = grips;
333 }
334 else
335 {
336 strv_free (grips);
337 grips = NULL;
338 }
339
340 crypto_free_key_list (result);
341 return rc ? rc : grips ? rc : GPG_ERR_NO_DATA;
342 }
343
344 static gpg_error_t
345 extract_keygrips (file_cache_t *data)
346 {
347 gpg_error_t rc = 0;
348 struct crypto_s *crypto;
349 char **grips = NULL, **siggrips = NULL;
350
351 if (!data || !data->data)
352 return 0;
353
354 rc = crypto_init (&crypto, NULL, NULL, 0, NULL);
355 if (rc)
356 return rc;
357
358 pthread_cleanup_push ((void *)crypto_free, crypto);
359
360 if (data->data->pubkey)
361 rc = extract_keygrip_once (crypto, data->data->pubkey, 0, &grips);
362
363 if (!rc && data->data->sigkey)
364 rc = extract_keygrip_once (crypto, data->data->sigkey, 1, &siggrips);
365
366 if (!rc)
367 {
368 strv_free (data->grip);
369 data->grip = grips;
370 strv_free (data->siggrip);
371 data->siggrip = siggrips;
372 }
373 else
374 {
375 strv_free (grips);
376 strv_free (siggrips);
377 }
378
379 pthread_cleanup_pop (1);
380 return rc;
381 }
382
383 static gpg_error_t
384 iscached (const char *filename, int *defer, int agent, int sign)
385 {
386 file_cache_t *p = get_entry (filename);
387 gpg_error_t rc = 0;
388
389 if (!agent)
390 {
391 if (!p || !p->data)
392 return GPG_ERR_NO_DATA;
393
394 if (defer)
395 *defer = p->defer_clear;
396
397 return 0;
398 }
399
400 if (!p)
401 return GPG_ERR_NO_DATA;
402
403 if (defer)
404 *defer = p->defer_clear;
405
406 if (!rc && (p->grip || p->siggrip))
407 rc = test_agent_cache (p, sign);
408 else if (!rc)
409 rc = GPG_ERR_NO_DATA;
410
411 return rc;
412 }
413
414 unsigned
415 cache_file_count ()
416 {
417 MUTEX_LOCK (&cache_mutex);
418 unsigned total = 0, i, n;
419
420 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
421 n = slist_length (key_cache);
422 for (i = 0; i < n; i++)
423 {
424 file_cache_t *p = slist_nth_data (key_cache, i);
425
426 if (!iscached (p->filename, NULL, 0, 0))
427 total++;
428 }
429
430 pthread_cleanup_pop (1);
431 return total;
432 }
433
434 void
435 cache_adjust_timeout ()
436 {
437 MUTEX_LOCK (&cache_mutex);
438 int t = slist_length (key_cache);
439 int i;
440
441 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
442
443 for (i = 0; i < t; i++)
444 {
445 file_cache_t *p = slist_nth_data (key_cache, i);
446
447 if (p->timeout > 0)
448 p->timeout--;
449
450 if (!p->timeout || (p->defer_clear && p->timeout != -1))
451 {
452 /* The file associated with this cache entry may be locked by a
453 * client. Defer freeing this cache entry until the next timeout
454 * check. */
455 if (!clear_once (p, 1))
456 send_status_all (STATUS_CACHE, NULL);
457 }
458 }
459
460 pthread_cleanup_pop (1);
461 }
462
463 static gpg_error_t
464 set_timeout (const char *filename, int timeout, int defer, int force)
465 {
466 MUTEX_LOCK (&cache_mutex);
467 file_cache_t *p = get_entry (filename);
468 gpg_error_t rc = 0;
469
470 if (!p)
471 {
472 MUTEX_UNLOCK (&cache_mutex);
473 return GPG_ERR_NOT_FOUND;
474 }
475
476 p->reset = timeout;
477 if (!p->defer_clear && (p->timeout == -1 || force))
478 p->timeout = timeout;
479
480 if (!timeout || defer)
481 {
482 rc = clear_once (p, 1);
483 if (!rc)
484 send_status_all (STATUS_CACHE, NULL);
485 }
486
487 MUTEX_UNLOCK (&cache_mutex);
488 return rc;
489 }
490
491 gpg_error_t
492 cache_set_data (const char *filename, struct cache_data_s * data)
493 {
494 MUTEX_LOCK (&cache_mutex);
495 gpg_error_t rc = GPG_ERR_NO_DATA;
496 file_cache_t *p = get_entry (filename);
497
498 if (p)
499 {
500 p->data = data;
501 rc = set_timeout (filename, p->reset, p->defer_clear, 0);
502 if (!rc && !p->reset)
503 {
504 clear_once (p, 0);
505 send_status_all (STATUS_CACHE, NULL);
506 }
507 else if (!rc)
508 rc = extract_keygrips (p);
509 }
510
511 MUTEX_UNLOCK (&cache_mutex);
512 return p && !rc ? 0 : rc;
513 }
514
515 struct cache_data_s *
516 cache_get_data (const char *filename)
517 {
518 MUTEX_LOCK (&cache_mutex);
519 file_cache_t *p = get_entry (filename);
520
521 MUTEX_UNLOCK (&cache_mutex);
522 return p ? p->data : NULL;
523 }
524
525 gpg_error_t
526 cache_add_file (const char *filename, struct cache_data_s *data, int timeout)
527 {
528 MUTEX_LOCK (&cache_mutex);
529 file_cache_t *p = get_entry (filename);
530 struct slist_s *new;
531 gpg_error_t rc = 0;
532
533 if (p)
534 {
535 p->data = data;
536 p->refcount++;
537 rc = set_timeout (filename, timeout, p->defer_clear, 0);
538 MUTEX_UNLOCK (&cache_mutex);
539 send_status_all (STATUS_CACHE, NULL);
540
541 if (!rc)
542 rc = extract_keygrips (p);
543
544 return rc;
545 }
546
547 p = xcalloc (1, sizeof (file_cache_t));
548 if (!p)
549 {
550 MUTEX_UNLOCK (&cache_mutex);
551 return GPG_ERR_ENOMEM;
552 }
553
554 p->mutex = (pthread_mutex_t *) xmalloc (sizeof (pthread_mutex_t));
555 if (!p->mutex)
556 {
557 xfree (p);
558 MUTEX_UNLOCK (&cache_mutex);
559 return GPG_ERR_ENOMEM;
560 }
561
562 pthread_mutexattr_t attr;
563 pthread_mutexattr_init (&attr);
564 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
565 pthread_mutex_init (p->mutex, &attr);
566 pthread_mutexattr_destroy (&attr);
567 p->filename = str_dup (filename);
568 p->data = data;
569 p->refcount++;
570 new = slist_append (key_cache, p);
571 if (!new)
572 {
573 pthread_mutex_destroy (p->mutex);
574 xfree (p->mutex);
575 xfree (p);
576 MUTEX_UNLOCK (&cache_mutex);
577 return GPG_ERR_ENOMEM;
578 }
579
580 key_cache = new;
581 rc = cache_set_timeout(filename, timeout);
582 MUTEX_UNLOCK (&cache_mutex);
583 send_status_all (STATUS_CACHE, NULL);
584
585 if (!rc)
586 rc = extract_keygrips (p);
587
588 return rc;
589 }
590
591 gpg_error_t
592 cache_clear_agent_keys (const char *filename, int decrypt, int sign)
593 {
594 MUTEX_LOCK (&cache_mutex);
595 gpg_error_t rc = 0;
596 char **key;
597 file_cache_t *p = get_entry (filename);
598
599 if (!p)
600 {
601 MUTEX_UNLOCK (&cache_mutex);
602 return GPG_ERR_NOT_FOUND;
603 }
604
605 for (key = p->grip; decrypt && key && *key; key++)
606 {
607 rc = agent_command (cache_agent, NULL, NULL,
608 "CLEAR_PASSPHRASE --mode=normal %s", *key);
609 if (rc)
610 break;
611 }
612
613 for (key = p->siggrip; sign && key && *key; key++)
614 {
615 rc = agent_command (cache_agent, NULL, NULL,
616 "CLEAR_PASSPHRASE --mode=normal %s", *key);
617 if (rc)
618 break;
619 }
620
621 MUTEX_UNLOCK (&cache_mutex);
622 return rc;
623 }
624
625 static gpg_error_t
626 clear_once (file_cache_t *p, int agent)
627 {
628 gpg_error_t rc = 0, trc;
629
630 if (agent)
631 rc = cache_clear_agent_keys (p->filename, 1, 1);
632
633 trc = free_cache_data (p);
634 return rc ? rc : trc;
635 }
636
637 static void
638 free_entry (file_cache_t *p, int agent)
639 {
640 gpg_error_t rc;
641
642 if (!p)
643 return;
644
645 rc = clear_once (p, agent);
646 if (rc)
647 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
648
649 if (p->mutex)
650 {
651 pthread_mutex_destroy (p->mutex);
652 xfree (p->mutex);
653 }
654
655 strv_free (p->grip);
656 strv_free (p->siggrip);
657 xfree (p->filename);
658 key_cache = slist_remove (key_cache, p);
659 xfree (p);
660 }
661
662 gpg_error_t
663 cache_clear (struct client_s *client, const char *filename, int agent)
664 {
665 file_cache_t *p;
666 gpg_error_t rc = 0, all_rc = 0;
667 int i, t;
668
669 MUTEX_LOCK (&cache_mutex);
670
671 if (filename)
672 {
673 p = get_entry (filename);
674 if (!p)
675 {
676 MUTEX_UNLOCK (&cache_mutex);
677 return 0;
678 }
679
680 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
681 rc = clear_once (p, agent);
682 pthread_cleanup_pop (1);
683 if (rc)
684 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
685
686 return rc;
687 }
688
689 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
690 t = slist_length (key_cache);
691 for (i = 0; i < t; i++)
692 {
693 p = slist_nth_data (key_cache, i);
694
695 if (client)
696 {
697 assuan_peercred_t peer;
698 int n = client->no_access_param;
699
700 client->no_access_param = 1;
701 rc = do_validate_peer (client->ctx, p->filename, &peer);
702 client->no_access_param = n;
703 if (rc == GPG_ERR_FORBIDDEN)
704 rc = peer_is_invoker (client);
705
706 if (rc)
707 {
708 all_rc = !all_rc ? rc : all_rc;
709 continue;
710 }
711 }
712
713 clear_once (p, agent);
714 }
715
716 pthread_cleanup_pop (1);
717 return all_rc;
718 }
719
720 gpg_error_t
721 cache_iscached (const char *filename, int *defer, int agent, int sign)
722 {
723 gpg_error_t rc;
724
725 if (!filename)
726 return GPG_ERR_INV_PARAMETER;
727
728 MUTEX_LOCK (&cache_mutex);
729 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
730 rc = iscached (filename, defer, agent, sign);
731 pthread_cleanup_pop (1);
732
733 /* Test if the data file disappeared from the filesystem. */
734 if ((!rc || gpg_err_code (rc) == GPG_ERR_NO_DATA)
735 && access (filename, R_OK) == -1)
736 {
737 rc = gpg_error_from_errno (errno);
738 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
739 {
740 /* Fixes clearing the cache entry that was created during OPEN when
741 * SAVE'ing a new file. */
742 if ((defer && *defer == 1) || !defer)
743 {
744 rc = cache_defer_clear (filename);
745 if (!rc && defer)
746 *defer = 1;
747 }
748
749 rc = GPG_ERR_ENOENT;
750 }
751 }
752
753 return rc;
754 }
755
756 gpg_error_t
757 cache_defer_clear (const char *filename)
758 {
759 MUTEX_LOCK (&cache_mutex);
760 file_cache_t *p = get_entry (filename);
761 gpg_error_t rc = 0;
762
763 if (!p)
764 rc = GPG_ERR_NOT_FOUND;
765 else
766 p->defer_clear = 1;
767
768 MUTEX_UNLOCK (&cache_mutex);
769 return rc;
770 }
771
772 gpg_error_t
773 cache_set_timeout (const char *filename, int timeout)
774 {
775 return set_timeout (filename, timeout, 0, 1);
776 }
777
778 void
779 cache_deinit ()
780 {
781 MUTEX_LOCK (&cache_mutex);
782 int i, t = slist_length (key_cache);
783
784 pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
785 for (i = 0; i < t; i++)
786 {
787 file_cache_t *p = slist_nth_data (key_cache, i);
788
789 free_entry (p, 1);
790 t = slist_length (key_cache);
791 i = -1;
792 }
793
794 gcry_free (cache_key);
795 xfree (cache_iv);
796 cache_key = NULL;
797 cache_iv = NULL;
798 agent_free (cache_agent);
799 cache_agent = NULL;
800 pthread_cleanup_pop (1);
801 pthread_mutex_destroy (&cache_mutex);
802 }
803
804 void
805 cache_mutex_init ()
806 {
807 pthread_mutexattr_t attr;
808
809 pthread_mutexattr_init (&attr);
810 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
811 pthread_mutex_init (&cache_mutex, &attr);
812 pthread_mutexattr_destroy (&attr);
813 }
814
815 gpg_error_t
816 cache_init ()
817 {
818 gpg_error_t rc = 0;
819
820 rc = agent_init (&cache_agent);
821 if (rc)
822 {
823 cache_agent = NULL;
824 return rc;
825 }
826
827 if (!cache_key)
828 {
829 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_BLKLEN, NULL,
830 &cache_blocksize);
831 if (rc)
832 return rc;
833
834 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_KEYLEN, NULL,
835 &cache_keysize);
836 if (rc)
837 return rc;
838
839 cache_key = gcry_malloc (cache_keysize);
840 if (!cache_key)
841 return GPG_ERR_ENOMEM;
842
843 cache_iv = xmalloc (cache_blocksize);
844 if (!cache_iv)
845 {
846 gcry_free (cache_key);
847 cache_key = NULL;
848 return GPG_ERR_ENOMEM;
849 }
850
851 gcry_create_nonce (cache_key, cache_keysize);
852 gcry_create_nonce (cache_iv, cache_blocksize);
853 }
854
855
856 cache_mutex_init ();
857 return rc;
858 }
859
860 void
861 cache_lock ()
862 {
863 MUTEX_LOCK (&cache_mutex);
864 }
865
866 void
867 cache_unlock ()
868 {
869 MUTEX_UNLOCK (&cache_mutex);
870 }
871
872 void
873 free_cache_data_once (struct cache_data_s *data)
874 {
875 if (!data)
876 return;
877
878 strv_free (data->pubkey);
879 strv_free (data->sigkey);
880 xfree (data->crc);
881 xfree (data->doc);
882 xfree (data);
883 }
884
885 static void
886 cleanup_cipher (void *arg)
887 {
888 gcry_cipher_close ((gcry_cipher_hd_t) arg);
889 }
890
891 gpg_error_t
892 cache_encrypt (struct crypto_s *crypto)
893 {
894 gpg_error_t rc;
895 gcry_cipher_hd_t h;
896 size_t len = crypto->plaintext_size;
897
898 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
899 if (rc)
900 return rc;
901
902 if (len % cache_blocksize)
903 {
904 unsigned char *p;
905
906 len += cache_blocksize - (len % cache_blocksize);
907 p = xrealloc (crypto->plaintext, len * sizeof (unsigned char));
908 if (!p)
909 {
910 gcry_cipher_close (h);
911 return GPG_ERR_ENOMEM;
912 }
913
914 crypto->plaintext = p;
915 memset (&crypto->plaintext[crypto->plaintext_size], 0,
916 len - crypto->plaintext_size);
917 }
918
919 pthread_cleanup_push (cleanup_cipher, h);
920 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
921 if (!rc)
922 {
923 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
924 if (!rc)
925 {
926 unsigned char *buf = xmalloc (len);
927
928 pthread_cleanup_push (xfree, buf);
929
930 if (!buf)
931 rc = GPG_ERR_ENOMEM;
932
933 if (!rc)
934 {
935 rc = gcry_cipher_encrypt (h, buf, len, crypto->plaintext, len);
936 if (!rc)
937 {
938 xfree (crypto->plaintext);
939 crypto->plaintext = buf;
940 crypto->plaintext_size = len;
941 }
942 }
943
944 pthread_cleanup_pop (rc != 0);
945 }
946 }
947
948 pthread_cleanup_pop (1);
949 return rc;
950 }
951
952 gpg_error_t
953 cache_decrypt (struct crypto_s *crypto)
954 {
955 gcry_cipher_hd_t h = NULL;
956 gpg_error_t rc;
957
958 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
959 if (rc)
960 return rc;
961
962 if (!rc)
963 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
964
965 if (!rc)
966 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
967
968 pthread_cleanup_push (cleanup_cipher, h);
969
970 if (!rc)
971 {
972 rc = gcry_cipher_decrypt (h, crypto->plaintext, crypto->plaintext_size,
973 NULL, 0);
974 if (rc || strncmp ((char *)crypto->plaintext, "<?xml ", 6))
975 {
976 if (!rc)
977 rc = GPG_ERR_BAD_DATA;
978 }
979 }
980
981 pthread_cleanup_pop (1);
982 return rc;
983 }
984
985 gpg_error_t
986 cache_kill_scd ()
987 {
988 gpg_error_t rc;
989
990 MUTEX_LOCK (&cache_mutex);
991 rc = agent_kill_scd (cache_agent);
992 MUTEX_UNLOCK (&cache_mutex);
993 return rc;
994 }
An API for pwmd.