search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
KILL: Test for errors other than GPG_ERR_EACCES, too.
[libpwmd.git] / src / cache.c
blob14538f94a5be392abeb1fd1a8402c77d25133736
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
3 2016
4 Ben Kibbey <bjk@luxsci.net>
5
6 This file is part of pwmd.
7
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
12
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 */
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24
25 #include <stdio.h>
26 #include <unistd.h>
27 #include <pthread.h>
28 #include <ctype.h>
29 #include <errno.h>
30
31 #include "pwmd-error.h"
32 #include <gcrypt.h>
33 #include "mutex.h"
34 #include "cache.h"
35 #include "status.h"
36 #include "mem.h"
37 #include "util-misc.h"
38 #include "util-string.h"
39 #include "agent.h"
40
41 #ifdef HAVE_TIME_H
42 #include <time.h>
43 #endif
44
45 static pthread_mutex_t cache_mutex;
46 static struct slist_s *key_cache;
47 static unsigned char *cache_iv;
48 static unsigned char *cache_key;
49 static size_t cache_blocksize;
50 static size_t cache_keysize;
51 struct agent_s *cache_agent;
52
53 extern void log_write (const char *fmt, ...);
54
55 static gpg_error_t clear_once (file_cache_t * p, int agent);
56 static int remove_entry (const char *);
57 static void free_entry (file_cache_t * p, int agent);
58
59 static file_cache_t *
60 get_entry (const char *filename)
61 {
62 int t = slist_length (key_cache);
63 int i;
64
65 if (!filename)
66 return NULL;
67
68 for (i = 0; i < t; i++)
69 {
70 file_cache_t *p = slist_nth_data (key_cache, i);
71
72 if (!strcmp (p->filename, filename))
73 return p;
74 }
75
76 return NULL;
77 }
78
79 gpg_error_t
80 cache_lock_mutex (void *ctx, const char *filename, long lock_timeout, int add,
81 int timeout)
82 {
83 MUTEX_LOCK (&cache_mutex);
84 gpg_error_t rc = 0;
85 file_cache_t *p = get_entry (filename);
86
87 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
88
89 if (p)
90 {
91 MUTEX_UNLOCK (&cache_mutex);
92 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
93 }
94 else if (add)
95 {
96 rc = cache_add_file (filename, NULL, timeout);
97 if (!rc)
98 {
99 p = get_entry (filename);
100 MUTEX_UNLOCK (&cache_mutex);
101 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
102 }
103 else
104 {
105 MUTEX_UNLOCK (&cache_mutex);
106 }
107 }
108 else
109 {
110 MUTEX_UNLOCK (&cache_mutex);
111 }
112
113 pthread_cleanup_pop (0);
114 return !p && !rc ? GPG_ERR_NO_DATA : rc;
115 }
116
117 static int
118 remove_entry (const char *filename)
119 {
120 MUTEX_LOCK (&cache_mutex);
121 file_cache_t *p = get_entry (filename);
122
123 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
124 if (p)
125 {
126 /* Keep a refcount because another client maybe editing this same new
127 * file. The entry needs to be kept in case the other client SAVE's.
128 */
129 p->refcount--;
130 if (!p->refcount)
131 free_entry (p, 0);
132 }
133
134 pthread_cleanup_pop (1);
135 return p ? 1 : 0;
136 }
137
138 static gpg_error_t
139 free_cache_data (file_cache_t * cache)
140 {
141 gpg_error_t rc = GPG_ERR_NO_DATA;
142 int i, t;
143 struct client_thread_s *found = NULL;
144 int self = 0;
145
146 if (!cache->data)
147 return 0;
148
149 MUTEX_LOCK (&cache_mutex);
150 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
151 MUTEX_LOCK (&cn_mutex);
152 pthread_cleanup_push (release_mutex_cb, &cn_mutex);
153
154 t = slist_length (cn_thread_list);
155 for (i = 0; i < t; i++)
156 {
157 struct client_thread_s *thd = slist_nth_data (cn_thread_list, i);
158
159 if (!thd->cl)
160 continue;
161
162 self = pthread_equal (pthread_self (), thd->tid);
163
164 if (thd->cl->filename && !strcmp (thd->cl->filename, cache->filename))
165 {
166 if (self)
167 {
168 found = thd;
169 continue;
170 }
171
172 /* Continue trying to find a client who has the same file open and
173 * also has a lock. */
174 rc = cache_lock_mutex (thd->cl->ctx, thd->cl->filename, -1, 0, -1);
175 if (!rc)
176 {
177 found = thd;
178 break;
179 }
180 }
181 }
182
183 if (self && (!rc || rc == GPG_ERR_NO_DATA) && found)
184 rc = cache_lock_mutex (found->cl->ctx, found->cl->filename, -1, 0, -1);
185
186 if (exiting || !rc || rc == GPG_ERR_NO_DATA)
187 {
188 cache_free_data_once (cache->data);
189 cache->data = NULL;
190 cache->defer_clear = 0;
191 cache->timeout = -1;
192
193 if (found)
194 cache_unlock_mutex (found->cl->filename, 0);
195
196 rc = 0;
197 }
198
199 if (rc)
200 cache->defer_clear = 1;
201
202 pthread_cleanup_pop (1);
203 pthread_cleanup_pop (1);
204 return rc;
205 }
206
207 gpg_error_t
208 cache_unlock_mutex (const char *filename, int remove)
209 {
210 MUTEX_LOCK (&cache_mutex);
211 file_cache_t *p = get_entry (filename);
212
213 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
214
215 if (p)
216 {
217 MUTEX_UNLOCK (p->mutex);
218 if (remove)
219 remove_entry (filename);
220 }
221
222 pthread_cleanup_pop (1);
223 return p ? 0 : GPG_ERR_NO_DATA;
224 }
225
226 static gpg_error_t
227 test_agent_cache_once (file_cache_t *p, const char *grip)
228 {
229 gpg_error_t rc;
230 char *line;
231
232 rc = agent_command (cache_agent, &line, NULL, "KEYINFO --data %s", grip);
233 if (!rc)
234 {
235 char **fields = str_split (line, " ", 0);
236
237 /* Smartcard. */
238 if (*fields[1] == 'T')
239 rc = GPG_ERR_NO_DATA;
240 else
241 rc = isdigit (*fields[4]) || *fields[5] == 'C' ? 0 : GPG_ERR_NO_DATA;
242
243 strv_free (fields);
244 xfree (line);
245 }
246
247 return rc;
248 }
249
250 /* Test each keygrip in data->(sig)grip for gpg-agent cache status. The file is
251 * considered cached if at least one grip is cached in the agent or one siggrip
252 * is cached in the case of 'sign'.
253 */
254 static gpg_error_t
255 test_agent_cache (file_cache_t *data, int sign)
256 {
257 gpg_error_t rc = 0;
258 char **p;
259
260 if ((!data->grip && !sign) || (!data->siggrip && sign))
261 return GPG_ERR_NO_DATA;
262
263 for (p = data->grip; !sign && p && *p; p++)
264 {
265 rc = test_agent_cache_once (data, *p);
266 if (!rc || rc != GPG_ERR_NO_DATA)
267 break;
268 }
269
270 if (!rc && sign)
271 {
272 for (p = data->siggrip; p && *p; p++)
273 {
274 rc = test_agent_cache_once (data, *p);
275 if (!rc || rc != GPG_ERR_NO_DATA)
276 break;
277 }
278 }
279
280 return rc;
281 }
282
283 static gpg_error_t
284 extract_keygrip_once (struct crypto_s *crypto, char **keyids, int sign,
285 char ***dst)
286 {
287 gpgme_key_t *result;
288 gpgme_error_t rc;
289 int i;
290 char **grips = NULL;
291
292 rc = crypto_list_keys (crypto, keyids, sign, &result);
293 if (rc)
294 return rc;
295
296 for (i = 0; result[i]; i++)
297 {
298 gpgme_subkey_t s;
299
300 for (s = result[i]->subkeys; s; s = s->next)
301 {
302 char **k;
303
304 if (sign && !s->can_sign)
305 continue;
306
307 for (k = keyids; *k; k++)
308 {
309 if (!strcmp (*k, s->keyid) && s->keygrip)
310 {
311 char **tmp;
312 size_t len = strv_length (grips);
313
314 tmp = xrealloc (grips, len+2 * sizeof (char *));
315 if (!tmp)
316 {
317 rc = GPG_ERR_ENOMEM;
318 break;
319 }
320
321 grips = tmp;
322 grips[len] = str_dup (s->keygrip);
323 if (!grips[len])
324 {
325 rc = GPG_ERR_ENOMEM;
326 break;
327 }
328
329 grips[++len] = NULL;
330 }
331 }
332 }
333 }
334
335 if (!rc)
336 {
337 strv_free (*dst);
338 *dst = grips;
339 }
340 else
341 {
342 strv_free (grips);
343 grips = NULL;
344 }
345
346 crypto_free_key_list (result);
347 return rc ? rc : grips ? rc : GPG_ERR_NO_DATA;
348 }
349
350 static gpg_error_t
351 extract_keygrips (file_cache_t *data)
352 {
353 gpg_error_t rc = 0;
354 struct crypto_s *crypto;
355 char **grips = NULL, **siggrips = NULL;
356
357 if (!data || !data->data)
358 return 0;
359
360 rc = crypto_init (&crypto, NULL, NULL, 0, NULL);
361 if (rc)
362 return rc;
363
364 pthread_cleanup_push ((void *)crypto_free, crypto);
365
366 if (data->data->pubkey)
367 rc = extract_keygrip_once (crypto, data->data->pubkey, 0, &grips);
368
369 if (!rc && data->data->sigkey)
370 rc = extract_keygrip_once (crypto, data->data->sigkey, 1, &siggrips);
371
372 if (!rc)
373 {
374 strv_free (data->grip);
375 data->grip = grips;
376 strv_free (data->siggrip);
377 data->siggrip = siggrips;
378 }
379 else
380 {
381 strv_free (grips);
382 strv_free (siggrips);
383 }
384
385 pthread_cleanup_pop (1);
386 return rc;
387 }
388
389 static gpg_error_t
390 iscached (const char *filename, int *defer, int agent, int sign)
391 {
392 file_cache_t *p = get_entry (filename);
393 gpg_error_t rc = 0;
394
395 if (!agent)
396 {
397 if (!p || !p->data)
398 return GPG_ERR_NO_DATA;
399
400 if (defer)
401 *defer = p->defer_clear;
402
403 return 0;
404 }
405
406 if (!p)
407 return GPG_ERR_NO_DATA;
408
409 if (defer)
410 *defer = p->defer_clear;
411
412 if (!rc && (p->grip || p->siggrip))
413 rc = test_agent_cache (p, sign);
414 else if (!rc)
415 rc = GPG_ERR_NO_DATA;
416
417 return rc;
418 }
419
420 unsigned
421 cache_file_count ()
422 {
423 MUTEX_LOCK (&cache_mutex);
424 unsigned total = 0, i, n;
425
426 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
427 n = slist_length (key_cache);
428 for (i = 0; i < n; i++)
429 {
430 file_cache_t *p = slist_nth_data (key_cache, i);
431
432 if (!iscached (p->filename, NULL, 0, 0))
433 total++;
434 }
435
436 pthread_cleanup_pop (1);
437 return total;
438 }
439
440 void
441 cache_adjust_timeout ()
442 {
443 MUTEX_LOCK (&cache_mutex);
444 int t = slist_length (key_cache);
445 int i;
446
447 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
448
449 for (i = 0; i < t; i++)
450 {
451 file_cache_t *p = slist_nth_data (key_cache, i);
452
453 if (p->timeout > 0)
454 p->timeout--;
455
456 if (!p->timeout || (p->defer_clear && p->timeout != -1))
457 {
458 /* The file associated with this cache entry may be locked by a
459 * client. Defer freeing this cache entry until the next timeout
460 * check. */
461 if (!clear_once (p, 1))
462 send_status_all (STATUS_CACHE, NULL);
463 }
464 }
465
466 pthread_cleanup_pop (1);
467 }
468
469 static gpg_error_t
470 set_timeout (const char *filename, int timeout, int defer, int force)
471 {
472 MUTEX_LOCK (&cache_mutex);
473 file_cache_t *p = get_entry (filename);
474 gpg_error_t rc = 0;
475
476 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
477
478 if (!p)
479 {
480 MUTEX_UNLOCK (&cache_mutex);
481 return GPG_ERR_NOT_FOUND;
482 }
483
484 p->reset = timeout;
485 if (!p->defer_clear && (p->timeout == -1 || force))
486 p->timeout = timeout;
487
488 if (!timeout || defer)
489 {
490 rc = clear_once (p, 1);
491 if (!rc)
492 send_status_all (STATUS_CACHE, NULL);
493 }
494
495 pthread_cleanup_pop (1);
496 return rc;
497 }
498
499 gpg_error_t
500 cache_set_data (const char *filename, struct cache_data_s * data)
501 {
502 MUTEX_LOCK (&cache_mutex);
503 gpg_error_t rc = GPG_ERR_NO_DATA;
504 file_cache_t *p = get_entry (filename);
505
506 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
507
508 if (p)
509 {
510 p->data = data;
511 rc = set_timeout (filename, p->reset, p->defer_clear, 0);
512 if (!rc && !p->reset)
513 {
514 clear_once (p, 0);
515 send_status_all (STATUS_CACHE, NULL);
516 }
517 else if (!rc)
518 rc = extract_keygrips (p);
519 }
520
521 pthread_cleanup_pop (1);
522 return p && !rc ? 0 : rc;
523 }
524
525 struct cache_data_s *
526 cache_get_data (const char *filename)
527 {
528 MUTEX_LOCK (&cache_mutex);
529 file_cache_t *p = get_entry (filename);
530
531 MUTEX_UNLOCK (&cache_mutex);
532 return p ? p->data : NULL;
533 }
534
535 gpg_error_t
536 cache_add_file (const char *filename, struct cache_data_s *data, int timeout)
537 {
538 MUTEX_LOCK (&cache_mutex);
539 file_cache_t *p = get_entry (filename);
540 struct slist_s *new;
541 gpg_error_t rc = 0;
542
543 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
544
545 if (p)
546 {
547 p->data = data;
548 p->refcount++;
549 rc = set_timeout (filename, timeout, p->defer_clear, 0);
550 MUTEX_UNLOCK (&cache_mutex);
551 send_status_all (STATUS_CACHE, NULL);
552
553 if (!rc)
554 rc = extract_keygrips (p);
555
556 return rc;
557 }
558
559 p = xcalloc (1, sizeof (file_cache_t));
560 if (!p)
561 {
562 MUTEX_UNLOCK (&cache_mutex);
563 return GPG_ERR_ENOMEM;
564 }
565
566 p->mutex = (pthread_mutex_t *) xmalloc (sizeof (pthread_mutex_t));
567 if (!p->mutex)
568 {
569 xfree (p);
570 MUTEX_UNLOCK (&cache_mutex);
571 return GPG_ERR_ENOMEM;
572 }
573
574 pthread_mutexattr_t attr;
575 pthread_mutexattr_init (&attr);
576 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
577 pthread_mutex_init (p->mutex, &attr);
578 pthread_mutexattr_destroy (&attr);
579 p->filename = str_dup (filename);
580 p->data = data;
581 p->refcount++;
582 new = slist_append (key_cache, p);
583 if (!new)
584 {
585 pthread_mutex_destroy (p->mutex);
586 xfree (p->mutex);
587 xfree (p);
588 MUTEX_UNLOCK (&cache_mutex);
589 return GPG_ERR_ENOMEM;
590 }
591
592 key_cache = new;
593 rc = cache_set_timeout(filename, timeout);
594 pthread_cleanup_pop (1);
595 send_status_all (STATUS_CACHE, NULL);
596
597 if (!rc)
598 rc = extract_keygrips (p);
599
600 return rc;
601 }
602
603 gpg_error_t
604 cache_clear_agent_keys (const char *filename, int decrypt, int sign)
605 {
606 MUTEX_LOCK (&cache_mutex);
607 gpg_error_t rc = 0;
608 char **key;
609 file_cache_t *p = get_entry (filename);
610
611 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
612
613 if (!p)
614 {
615 MUTEX_UNLOCK (&cache_mutex);
616 return GPG_ERR_NOT_FOUND;
617 }
618
619 for (key = p->grip; decrypt && key && *key; key++)
620 {
621 rc = agent_command (cache_agent, NULL, NULL,
622 "CLEAR_PASSPHRASE --mode=normal %s", *key);
623 if (rc)
624 break;
625 }
626
627 for (key = p->siggrip; sign && key && *key; key++)
628 {
629 rc = agent_command (cache_agent, NULL, NULL,
630 "CLEAR_PASSPHRASE --mode=normal %s", *key);
631 if (rc)
632 break;
633 }
634
635 pthread_cleanup_pop (1);
636 return rc;
637 }
638
639 static gpg_error_t
640 clear_once (file_cache_t *p, int agent)
641 {
642 gpg_error_t rc = 0, trc;
643
644 if (agent)
645 rc = cache_clear_agent_keys (p->filename, 1, 1);
646
647 trc = free_cache_data (p);
648 return rc ? rc : trc;
649 }
650
651 static void
652 free_entry (file_cache_t *p, int agent)
653 {
654 gpg_error_t rc;
655
656 if (!p)
657 return;
658
659 rc = clear_once (p, agent);
660 if (rc)
661 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
662
663 if (p->mutex)
664 {
665 pthread_mutex_destroy (p->mutex);
666 xfree (p->mutex);
667 }
668
669 strv_free (p->grip);
670 strv_free (p->siggrip);
671 xfree (p->filename);
672 key_cache = slist_remove (key_cache, p);
673 xfree (p);
674 }
675
676 gpg_error_t
677 cache_clear (struct client_s *client, const char *filename, int agent)
678 {
679 file_cache_t *p;
680 gpg_error_t rc = 0, all_rc = 0;
681 int i, t;
682
683 MUTEX_LOCK (&cache_mutex);
684 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
685
686 if (filename)
687 {
688 p = get_entry (filename);
689 if (!p)
690 {
691 MUTEX_UNLOCK (&cache_mutex);
692 return 0;
693 }
694
695 rc = clear_once (p, agent);
696 MUTEX_UNLOCK (&cache_mutex);
697 if (rc)
698 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
699
700 return rc;
701 }
702
703 t = slist_length (key_cache);
704 for (i = 0; i < t; i++)
705 {
706 p = slist_nth_data (key_cache, i);
707
708 if (client)
709 {
710 assuan_peercred_t peer;
711 int n = client->no_access_param;
712
713 client->no_access_param = 1;
714 rc = do_validate_peer (client->ctx, p->filename, &peer);
715 client->no_access_param = n;
716 if (rc == GPG_ERR_FORBIDDEN)
717 rc = peer_is_invoker (client);
718
719 if (rc)
720 {
721 all_rc = !all_rc ? rc : all_rc;
722 continue;
723 }
724 }
725
726 clear_once (p, agent);
727 }
728
729 pthread_cleanup_pop (1);
730 return all_rc;
731 }
732
733 gpg_error_t
734 cache_iscached (const char *filename, int *defer, int agent, int sign)
735 {
736 gpg_error_t rc;
737
738 if (!filename)
739 return GPG_ERR_INV_PARAMETER;
740
741 MUTEX_LOCK (&cache_mutex);
742 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
743 rc = iscached (filename, defer, agent, sign);
744
745 /* Test if the data file disappeared from the filesystem. */
746 if ((!rc || gpg_err_code (rc) == GPG_ERR_NO_DATA)
747 && access (filename, R_OK) == -1)
748 {
749 rc = gpg_error_from_errno (errno);
750 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
751 {
752 /* Fixes clearing the cache entry that was created during OPEN when
753 * SAVE'ing a new file. */
754 if ((defer && *defer == 1) || !defer)
755 {
756 rc = cache_defer_clear (filename);
757 if (!rc && defer)
758 *defer = 1;
759 }
760
761 rc = GPG_ERR_ENOENT;
762 }
763 }
764
765 pthread_cleanup_pop (1);
766 return rc;
767 }
768
769 gpg_error_t
770 cache_defer_clear (const char *filename)
771 {
772 MUTEX_LOCK (&cache_mutex);
773 file_cache_t *p = get_entry (filename);
774 gpg_error_t rc = 0;
775
776 if (!p)
777 rc = GPG_ERR_NOT_FOUND;
778 else
779 p->defer_clear = 1;
780
781 MUTEX_UNLOCK (&cache_mutex);
782 return rc;
783 }
784
785 gpg_error_t
786 cache_set_timeout (const char *filename, int timeout)
787 {
788 return set_timeout (filename, timeout, 0, 1);
789 }
790
791 void
792 cache_deinit ()
793 {
794 MUTEX_LOCK (&cache_mutex);
795 int i, t = slist_length (key_cache);
796
797 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
798 for (i = 0; i < t; i++)
799 {
800 file_cache_t *p = slist_nth_data (key_cache, i);
801
802 free_entry (p, 1);
803 t = slist_length (key_cache);
804 i = -1;
805 }
806
807 gcry_free (cache_key);
808 xfree (cache_iv);
809 cache_key = NULL;
810 cache_iv = NULL;
811 agent_free (cache_agent);
812 cache_agent = NULL;
813 pthread_cleanup_pop (1);
814 pthread_mutex_destroy (&cache_mutex);
815 }
816
817 void
818 cache_mutex_init ()
819 {
820 pthread_mutexattr_t attr;
821
822 pthread_mutexattr_init (&attr);
823 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
824 pthread_mutex_init (&cache_mutex, &attr);
825 pthread_mutexattr_destroy (&attr);
826 }
827
828 gpg_error_t
829 cache_init ()
830 {
831 gpg_error_t rc = 0;
832
833 rc = agent_init (&cache_agent);
834 if (rc)
835 {
836 cache_agent = NULL;
837 return rc;
838 }
839
840 if (!cache_key)
841 {
842 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_BLKLEN, NULL,
843 &cache_blocksize);
844 if (rc)
845 return rc;
846
847 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_KEYLEN, NULL,
848 &cache_keysize);
849 if (rc)
850 return rc;
851
852 cache_key = gcry_malloc (cache_keysize);
853 if (!cache_key)
854 return GPG_ERR_ENOMEM;
855
856 cache_iv = xmalloc (cache_blocksize);
857 if (!cache_iv)
858 {
859 gcry_free (cache_key);
860 cache_key = NULL;
861 return GPG_ERR_ENOMEM;
862 }
863
864 gcry_create_nonce (cache_key, cache_keysize);
865 gcry_create_nonce (cache_iv, cache_blocksize);
866 }
867
868
869 cache_mutex_init ();
870 return rc;
871 }
872
873 void
874 cache_lock ()
875 {
876 MUTEX_LOCK (&cache_mutex);
877 }
878
879 void
880 cache_unlock ()
881 {
882 MUTEX_UNLOCK (&cache_mutex);
883 }
884
885 void
886 cache_free_data_once (struct cache_data_s *data)
887 {
888 if (!data)
889 return;
890
891 strv_free (data->pubkey);
892 strv_free (data->sigkey);
893 xfree (data->crc);
894 xfree (data->doc);
895 xfree (data);
896 }
897
898 static void
899 release_cipher (void *arg)
900 {
901 gcry_cipher_close ((gcry_cipher_hd_t) arg);
902 }
903
904 gpg_error_t
905 cache_encrypt (struct crypto_s *crypto)
906 {
907 gpg_error_t rc;
908 gcry_cipher_hd_t h;
909 size_t len = crypto->plaintext_size;
910
911 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
912 if (rc)
913 return rc;
914
915 if (len % cache_blocksize)
916 {
917 unsigned char *p;
918
919 len += cache_blocksize - (len % cache_blocksize);
920 p = xrealloc (crypto->plaintext, len * sizeof (unsigned char));
921 if (!p)
922 {
923 gcry_cipher_close (h);
924 return GPG_ERR_ENOMEM;
925 }
926
927 crypto->plaintext = p;
928 memset (&crypto->plaintext[crypto->plaintext_size], 0,
929 len - crypto->plaintext_size);
930 }
931
932 pthread_cleanup_push (release_cipher, h);
933 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
934 if (!rc)
935 {
936 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
937 if (!rc)
938 {
939 unsigned char *buf = xmalloc (len);
940
941 pthread_cleanup_push (xfree, buf);
942
943 if (!buf)
944 rc = GPG_ERR_ENOMEM;
945
946 if (!rc)
947 {
948 rc = gcry_cipher_encrypt (h, buf, len, crypto->plaintext, len);
949 if (!rc)
950 {
951 xfree (crypto->plaintext);
952 crypto->plaintext = buf;
953 crypto->plaintext_size = len;
954 }
955 }
956
957 pthread_cleanup_pop (rc != 0);
958 }
959 }
960
961 pthread_cleanup_pop (1);
962 return rc;
963 }
964
965 gpg_error_t
966 cache_decrypt (struct crypto_s *crypto)
967 {
968 gcry_cipher_hd_t h = NULL;
969 gpg_error_t rc;
970
971 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
972 if (rc)
973 return rc;
974
975 if (!rc)
976 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
977
978 if (!rc)
979 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
980
981 pthread_cleanup_push (release_cipher, h);
982
983 if (!rc)
984 {
985 rc = gcry_cipher_decrypt (h, crypto->plaintext, crypto->plaintext_size,
986 NULL, 0);
987 if (rc || strncmp ((char *)crypto->plaintext, "<?xml ", 6))
988 {
989 if (!rc)
990 rc = GPG_ERR_BAD_DATA;
991 }
992 }
993
994 pthread_cleanup_pop (1);
995 return rc;
996 }
997
998 gpg_error_t
999 cache_kill_scd ()
1000 {
1001 gpg_error_t rc;
1002
1003 MUTEX_LOCK (&cache_mutex);
1004 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
1005 rc = agent_kill_scd (cache_agent);
1006 pthread_cleanup_pop (1);
1007 return rc;
1008 }
1009
1010 void
1011 cache_release_mutex ()
1012 {
1013 MUTEX_UNLOCK (&cache_mutex);
1014 }
An API for pwmd.