search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixup commit 5f89607.
[pwmd.git] / src / crypto.c
blobba47cf77b5f62b136f929dfb80054eb6d8295b17
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012
3 Ben Kibbey <bjk@luxsci.net>
4
5 This file is part of pwmd.
6
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
11
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <fcntl.h>
28 #include <errno.h>
29
30 #ifdef WITH_LIBACL
31 #include <sys/acl.h>
32 #endif
33
34 #include "pwmd-error.h"
35 #include "util-misc.h"
36 #include "common.h"
37 #include "rcfile.h"
38 #include "pinentry.h"
39 #include "crypto.h"
40 #include "cache.h"
41 #include "mem.h"
42 #include "util-string.h"
43
44 static uint8_t pwmd_magic[5] = { '\177', 'P', 'W', 'M', 'D' };
45
46 void
47 set_header_defaults (file_header_t * hdr)
48 {
49 char *s = config_get_string (NULL, "cipher");
50 int flags = cipher_string_to_cipher (s);
51
52 xfree (s);
53 memset (hdr, 0, sizeof (file_header_t));
54 memcpy (hdr->magic, pwmd_magic, sizeof (hdr->magic));
55 if (flags == -1)
56 log_write (_
57 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
58 hdr->flags = flags == -1 ? PWMD_CIPHER_AES256 : flags;
59 hdr->version = VERSION_HEX;
60
61 #ifdef WITH_AGENT
62 if (use_agent)
63 hdr->flags |= PWMD_FLAG_PKCS;
64 #endif
65 }
66
67 gpg_error_t
68 read_data_header (const char *filename, file_header_t * rhdr,
69 struct stat *rst, int *rfd)
70 {
71 gpg_error_t rc = 0;
72 size_t len;
73 struct stat st;
74 file_header_t hdr;
75 int fd;
76
77 if (lstat (filename, &st) == -1)
78 return gpg_error_from_syserror ();
79
80 if (!S_ISREG (st.st_mode))
81 return GPG_ERR_ENOANO;
82
83 fd = open (filename, O_RDONLY);
84 if (fd == -1)
85 return gpg_error_from_syserror ();
86
87 len = read (fd, &hdr, sizeof (file_header_t));
88 if (len != sizeof (file_header_t))
89 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
90
91 if (!rc && memcmp (hdr.magic, pwmd_magic, sizeof (hdr.magic)))
92 rc = GPG_ERR_BAD_DATA;
93 else if (hdr.version < 0x030000)
94 rc = GPG_ERR_UNKNOWN_VERSION;
95
96 if (rc)
97 close (fd);
98 else
99 {
100 if (rhdr)
101 *rhdr = hdr;
102 if (rst)
103 *rst = st;
104 if (rfd)
105 *rfd = fd;
106 else
107 close (fd);
108 }
109
110 return rc;
111 }
112
113 gpg_error_t
114 read_data_file (const char *filename, struct crypto_s * crypto)
115 {
116 int fd;
117 gpg_error_t rc = 0;
118 size_t len, rlen;
119 char *buf = NULL;
120 struct stat st;
121
122 cleanup_crypto_stage1 (crypto);
123 rc = read_data_header (filename, &crypto->hdr, &st, &fd);
124 if (rc)
125 return rc;
126
127 crypto->ciphertext_len = crypto->hdr.datalen;
128 crypto->ciphertext = xmalloc (crypto->hdr.datalen);
129 if (!crypto->ciphertext)
130 {
131 rc = GPG_ERR_ENOMEM;
132 goto fail;
133 }
134
135 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
136 {
137 rlen = read (fd, crypto->grip, 20);
138 if (rlen != 20)
139 {
140 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
141 goto fail;
142 }
143
144 rlen = read (fd, crypto->sign_grip, 20);
145 if (rlen != 20)
146 {
147 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
148 goto fail;
149 }
150 }
151
152 len = read (fd, crypto->ciphertext, crypto->hdr.datalen);
153 if (len != crypto->hdr.datalen)
154 {
155 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
156 goto fail;
157 }
158
159 if (!(crypto->hdr.flags & PWMD_FLAG_PKCS))
160 goto fail;
161
162 #ifndef WITH_AGENT
163 rc = GPG_ERR_NOT_IMPLEMENTED;
164 goto fail;
165 #else
166 if (!use_agent)
167 return GPG_ERR_NOT_IMPLEMENTED;
168
169 len = st.st_size - sizeof (file_header_t) - crypto->hdr.datalen - 40;
170 buf = xmalloc (len);
171 if (!buf)
172 {
173 rc = GPG_ERR_ENOMEM;
174 goto fail;
175 }
176
177 rlen = read (fd, buf, len);
178 if (rlen != len)
179 {
180 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
181 goto fail;
182 }
183
184 rc = gcry_sexp_new (&crypto->ciphertext_sexp, buf, rlen, 1);
185 if (rc)
186 goto fail;
187
188 if (crypto->pkey_sexp)
189 gcry_sexp_release (crypto->pkey_sexp);
190
191 if (crypto->sigpkey_sexp)
192 gcry_sexp_release (crypto->sigpkey_sexp);
193
194 crypto->pkey_sexp = crypto->sigpkey_sexp = NULL;
195 rc = get_pubkey_bin (crypto, crypto->grip, &crypto->pkey_sexp);
196 if (!rc)
197 rc = get_pubkey_bin (crypto, crypto->sign_grip, &crypto->sigpkey_sexp);
198 #endif
199
200 fail:
201 close (fd);
202 xfree (buf);
203 return rc;
204 }
205
206 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
207
208 /*
209 * Useful for a large amount of data. Rather than doing all of the data in one
210 * iteration do it in chunks. This lets the command be cancelable rather than
211 * waiting for it to complete.
212 */
213 static gpg_error_t
214 iterate_crypto_once (gcry_cipher_hd_t h, unsigned char *inbuf,
215 size_t insize, size_t blocksize, status_msg_t which)
216 {
217 gpg_error_t rc = 0;
218 off_t len = CRYPTO_BLOCKSIZE (blocksize);
219 void *p = gcry_malloc (len);
220 off_t total = 0;
221 unsigned char *inbuf2;
222
223 if (!p)
224 return GPG_ERR_ENOMEM;
225
226 if (insize < CRYPTO_BLOCKSIZE (blocksize))
227 len = insize;
228
229 pthread_cleanup_push (gcry_free, p);
230
231 for (;;)
232 {
233 inbuf2 = inbuf + total;
234 unsigned char *tmp;
235
236 if (len + total > insize)
237 len = blocksize;
238
239 if (which == STATUS_ENCRYPT)
240 rc = gcry_cipher_encrypt (h, p, len, inbuf2, len);
241 else
242 rc = gcry_cipher_decrypt (h, p, len, inbuf2, len);
243
244 if (rc)
245 break;
246
247 tmp = inbuf + total;
248 memmove (tmp, p, len);
249 total += len;
250 if (total >= insize)
251 break;
252
253 #ifdef HAVE_PTHREAD_TESTCANCEL
254 pthread_testcancel ();
255 #endif
256 }
257
258 pthread_cleanup_pop (1);
259 return rc;
260 }
261
262 static void
263 cleanup_cipher (void *arg)
264 {
265 gcry_cipher_close ((gcry_cipher_hd_t) arg);
266 }
267
268 gpg_error_t
269 decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
270 unsigned char *salted_key, size_t skeylen)
271 {
272 gpg_error_t rc = 0;
273 unsigned char *key = salted_key;
274 gcry_cipher_hd_t h = NULL;
275 size_t blocksize, keysize = 0;
276 int algo = cipher_to_gcrypt (crypto->hdr.flags);
277 void *outbuf = NULL;
278 uint64_t n = crypto->hdr.iterations;
279 long progress = 0;
280 #ifdef WITH_AGENT
281 size_t keylen = skeylen;
282 gcry_sexp_t sig_sexp;
283
284 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
285 {
286 rc = agent_extract_key (crypto, &key, &keylen);
287 if (rc)
288 return rc;
289
290 sig_sexp = gcry_sexp_find_token (crypto->ciphertext_sexp, "sig-val", 0);
291 if (!sig_sexp)
292 {
293 gcry_free (key);
294 return GPG_ERR_BAD_DATA;
295 }
296
297 rc = agent_verify (crypto->sigpkey_sexp, sig_sexp, crypto->ciphertext,
298 crypto->ciphertext_len);
299 gcry_sexp_release (sig_sexp);
300 }
301 #endif
302
303 if (!rc)
304 {
305 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
306 if (!rc)
307 {
308 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL,
309 &keysize);
310 if (!rc)
311 {
312 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL,
313 &blocksize);
314 if (!rc)
315 {
316 rc = gcry_cipher_setiv (h, crypto->hdr.iv,
317 sizeof (crypto->hdr.iv));
318 if (!rc)
319 {
320 rc = gcry_cipher_setkey (h, key, keysize);
321 }
322 }
323 }
324 }
325 }
326
327 pthread_cleanup_push (cleanup_cipher, rc ? NULL : h);
328
329 if (!rc)
330 {
331 outbuf = gcry_malloc (crypto->hdr.datalen);
332 if (!outbuf)
333 rc = GPG_ERR_ENOMEM;
334 }
335
336 pthread_cleanup_push (gcry_free, outbuf);
337 #ifdef WITH_AGENT
338 pthread_cleanup_push (gcry_free, key);
339 #endif
340
341 if (!rc)
342 {
343 memcpy (outbuf, crypto->ciphertext, crypto->hdr.datalen);
344 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
345 STATUS_DECRYPT);
346 if (!rc)
347 {
348 key[0] ^= 1;
349 rc = gcry_cipher_setkey (h, key, keysize);
350 }
351 }
352
353 if (!rc)
354 {
355 progress = config_get_long (NULL, "cipher_progress");
356 if (progress == -1)
357 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
358 }
359
360 if (!rc && ctx && crypto->hdr.iterations)
361 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", 0,
362 crypto->hdr.iterations);
363
364 for (n = 0; !rc && n < crypto->hdr.iterations; n++)
365 {
366 if (ctx && !(n % progress))
367 {
368 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
369 crypto->hdr.iterations);
370 if (rc)
371 break;
372 }
373
374 rc = gcry_cipher_setiv (h, crypto->hdr.iv, sizeof (crypto->hdr.iv));
375 if (rc)
376 break;
377
378 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
379 STATUS_DECRYPT);
380 }
381
382 if (!rc && ctx && crypto->hdr.iterations)
383 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
384 crypto->hdr.iterations);
385
386 #ifdef WITH_AGENT
387 pthread_cleanup_pop (0);
388 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
389 gcry_free (key);
390 else if (key)
391 key[0] ^= 1;
392 #else
393 key[0] ^= 1;
394 #endif
395 pthread_cleanup_pop (rc ? 1 : 0); /* outbuf */
396 pthread_cleanup_pop (1); /* cipher */
397 if (!rc)
398 {
399 char buf[] = "<?xml ";
400
401 if (memcmp (outbuf, buf, sizeof(buf)-1))
402 {
403 gcry_free (outbuf);
404 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
405 }
406
407 crypto->plaintext = outbuf;
408 crypto->plaintext_len = crypto->hdr.datalen;
409 }
410
411 return rc;
412 }
413
414 gpg_error_t
415 decrypt_xml (struct crypto_s * crypto, const void *data, size_t len)
416 {
417 gcry_cipher_hd_t h = NULL;
418 gpg_error_t rc;
419
420 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
421 if (rc)
422 return rc;
423
424 gcry_free (crypto->plaintext);
425 crypto->plaintext = gcry_malloc (len);
426 if (!crypto->plaintext)
427 {
428 rc = GPG_ERR_ENOMEM;
429 goto done;
430 }
431
432 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
433 if (rc)
434 goto done;
435
436 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
437 if (rc)
438 goto done;
439
440 rc = gcry_cipher_decrypt (h, crypto->plaintext, len, data, len);
441 if (rc || strncmp (crypto->plaintext, "<?xml ", 6))
442 {
443 if (!rc)
444 rc = GPG_ERR_BAD_DATA;
445
446 gcry_free (crypto->plaintext);
447 crypto->plaintext = NULL;
448 }
449
450 crypto->plaintext_len = len;
451
452 done:
453 if (h)
454 gcry_cipher_close (h);
455
456 return rc;
457 }
458
459 gpg_error_t
460 encrypt_xml (assuan_context_t ctx, void *key, size_t keylen,
461 int algo, const void *xml, size_t len, void * *result,
462 size_t *result_len, unsigned char **iv, size_t * iv_len,
463 uint64_t iter)
464 {
465 gpg_error_t rc;
466 gcry_cipher_hd_t h;
467 size_t blocksize, keysize;
468 void *inbuf = NULL;
469 size_t olen = len;
470 uint64_t n = 0;
471 long progress;
472 unsigned char *tmpkey = NULL;
473 int free_iv = *(iv_len) == 0;
474
475 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
476 if (rc)
477 return rc;
478
479 pthread_cleanup_push (cleanup_cipher, h);
480 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
481 if (!rc)
482 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
483
484 if (!rc && *(iv_len) == 0)
485 {
486 *(iv) = xmalloc (blocksize);
487 if (!*(iv))
488 rc = GPG_ERR_ENOMEM;
489
490 gcry_create_nonce (*(iv), blocksize);
491 }
492
493 pthread_cleanup_push (xfree, *(iv_len) == 0 ? *(iv) : NULL);
494 if (!rc)
495 {
496 *iv_len = blocksize;
497 tmpkey = gcry_malloc (keysize);
498 if (!tmpkey)
499 rc = GPG_ERR_ENOMEM;
500 }
501
502 pthread_cleanup_push (gcry_free, tmpkey);
503
504 if (!rc)
505 {
506 memcpy (tmpkey, key, keysize);
507 tmpkey[0] ^= 1;
508 rc = gcry_cipher_setkey (h, tmpkey, keysize);
509 if (!rc)
510 {
511 if (len % blocksize)
512 len += blocksize - (len % blocksize);
513 }
514 }
515
516 if (!rc)
517 {
518 inbuf = gcry_malloc (len);
519 if (!inbuf)
520 rc = GPG_ERR_ENOMEM;
521 }
522
523 pthread_cleanup_push (gcry_free, inbuf);
524
525 if (!rc)
526 {
527 memset (inbuf, 0, len);
528 memcpy (inbuf, xml, olen);
529 progress = config_get_long (NULL, "cipher_progress");
530 if (progress == -1)
531 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
532
533 if (!rc && ctx && iter)
534 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", 0, iter);
535
536 for (n = 0; !rc && n < iter; n++)
537 {
538 if (ctx && !(n % progress))
539 {
540 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
541 if (rc)
542 break;
543 }
544
545 rc = gcry_cipher_setiv (h, *(iv), blocksize);
546 if (rc)
547 break;
548
549 rc = iterate_crypto_once (h, inbuf, len, blocksize, STATUS_ENCRYPT);
550 }
551 }
552
553 if (!rc && ctx && iter)
554 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
555
556 if (!rc)
557 {
558 /* Do at least one iteration. */
559 rc = gcry_cipher_setiv (h, *(iv), blocksize);
560 if (!rc)
561 {
562 rc = gcry_cipher_setkey (h, key, keysize);
563 if (!rc)
564 rc = iterate_crypto_once (h, inbuf, len, blocksize,
565 STATUS_ENCRYPT);
566 }
567 }
568
569 pthread_cleanup_pop (rc ? 1 : 0); /* inbuf */
570 pthread_cleanup_pop (1); /* tmpkey */
571 pthread_cleanup_pop (rc && free_iv ? 1 : 0); /* iv */
572 pthread_cleanup_pop (1); /* cipher */
573 *result = rc ? NULL : inbuf;
574 *result_len = len;
575 return rc;
576 }
577
578 void
579 cleanup_save (struct save_s *save)
580 {
581 if (!save)
582 return;
583
584 #ifdef WITH_AGENT
585 if (save->pkey)
586 gcry_sexp_release (save->pkey);
587
588 if (save->sigpkey)
589 gcry_sexp_release (save->sigpkey);
590 #endif
591
592 memset (save, 0, sizeof (struct save_s));
593 }
594
595 /* Keep the agent ctx to retain pinentry options which will be freed in
596 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
597 void
598 cleanup_crypto_stage1 (struct crypto_s *cr)
599 {
600 if (!cr)
601 return;
602
603 cleanup_save (&cr->save);
604
605 #ifdef WITH_AGENT
606 if (cr->ciphertext_sexp)
607 gcry_sexp_release (cr->ciphertext_sexp);
608
609 cr->ciphertext_sexp = NULL;
610 #endif
611
612 gcry_free (cr->plaintext);
613 xfree (cr->ciphertext);
614 xfree (cr->filename);
615 cr->filename = NULL;
616 cr->ciphertext = NULL;
617 cr->ciphertext_len = 0;
618 cr->plaintext = NULL;
619 cr->plaintext_len = 0;
620 }
621
622 void
623 cleanup_crypto_stage2 (struct crypto_s *cr)
624 {
625 if (!cr)
626 return;
627
628 cleanup_crypto_stage1 (cr);
629 set_header_defaults (&cr->hdr);
630 }
631
632 void
633 cleanup_crypto (struct crypto_s **c)
634 {
635 struct crypto_s *cr = *c;
636
637 if (!cr)
638 return;
639
640 cleanup_crypto_stage2 (cr);
641
642 #ifdef WITH_AGENT
643 if (cr->pkey_sexp)
644 gcry_sexp_release (cr->pkey_sexp);
645
646 if (cr->sigpkey_sexp)
647 gcry_sexp_release (cr->sigpkey_sexp);
648
649 if (cr->agent)
650 cleanup_agent (cr->agent);
651 #endif
652
653 xfree (cr);
654 *c = NULL;
655 }
656
657 gpg_error_t
658 init_client_crypto (struct crypto_s **crypto)
659 {
660 struct crypto_s *new = xcalloc (1, sizeof (struct crypto_s));
661 gpg_error_t rc;
662
663 if (!new)
664 {
665 rc = GPG_ERR_ENOMEM;
666 return rc;
667 }
668
669 #ifdef WITH_AGENT
670 if (use_agent)
671 {
672 rc = agent_init (&new->agent);
673 if (!rc)
674 {
675 rc = send_agent_common_options (new->agent);
676 if (!rc)
677 rc = agent_set_pinentry_options (new->agent);
678 }
679
680 if (rc)
681 {
682 xfree (new);
683 return rc;
684 }
685 }
686 #endif
687
688 set_header_defaults (&new->hdr);
689 *crypto = new;
690 return 0;
691 }
692
693 gpg_error_t
694 export_common (assuan_context_t ctx, int inquire, struct crypto_s * crypto,
695 const void *data, size_t datalen, const char *outfile,
696 const char *keyfile, void **rkey, size_t *rkeylen,
697 int use_cache, int force)
698 {
699 gpg_error_t rc = 0;
700 void *enc_xml = NULL;
701 size_t enc_xml_len = 0;
702 unsigned char *iv = NULL;
703 size_t iv_len = 0;
704 int algo = cipher_to_gcrypt (crypto->save.hdr.flags);
705 void *key = NULL, *salted_key = NULL;
706 size_t keysize, keylen;
707 int cached = 0;
708
709 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
710 if (rc)
711 return rc;
712
713 if (keyfile)
714 {
715 int fd;
716 unsigned char *buf;
717 size_t len;
718 struct stat st;
719
720 if (stat (keyfile, &st) == -1)
721 return gpg_error_from_syserror ();
722
723 buf = gcry_malloc (st.st_size);
724 if (!buf)
725 return GPG_ERR_ENOMEM;
726
727 fd = open (keyfile, O_RDONLY);
728 if (fd == -1)
729 rc = gpg_error_from_syserror ();
730 else
731 {
732 len = read (fd, buf, st.st_size);
733 if (len != st.st_size)
734 rc = GPG_ERR_TOO_SHORT;
735 }
736
737 if (fd != -1)
738 close (fd);
739
740 key = buf;
741 keylen = st.st_size;
742 log_write (_("Using passphrase obtained from file '%s'"), keyfile);
743
744 if (!keylen)
745 {
746 char *tmp;
747
748 gcry_free (key);
749 tmp = gcry_malloc (1);
750 *tmp = 0;
751 key = tmp;
752 keylen++;
753 }
754 }
755 else
756 {
757 if (use_cache)
758 {
759 cache_lock ();
760 cached = cache_iscached (outfile, NULL) == 0;
761 if (cached)
762 {
763 struct cache_data_s *cdata = cache_get_data_filename (outfile);
764
765 salted_key = gcry_malloc (cdata->keylen);
766 if (salted_key)
767 {
768 memcpy (salted_key, cdata->key, cdata->keylen);
769 keysize = cdata->keylen;
770 }
771 else
772 rc = GPG_ERR_ENOMEM;
773 }
774
775 cache_unlock ();
776 }
777
778 if (!rc && !cached)
779 {
780 if (force) // SAVE
781 {
782 struct crypto_s *tmp = NULL;
783 gpg_error_t rc = init_client_crypto (&tmp);
784
785 if (!rc)
786 {
787 rc = read_data_file (outfile, tmp);
788 if (!rc)
789 {
790 rc = decrypt_common (ctx, inquire, tmp, outfile,
791 (char **)&key, &keylen);
792 if (rc)
793 gcry_free (key);
794 }
795 }
796
797 cleanup_crypto (&tmp);
798 if (rc && gpg_err_code (rc) == GPG_ERR_ENOENT)
799 use_cache = 0;
800 else if (rc)
801 return rc;
802 }
803
804 if (!use_cache) // PASSWD or new file
805 {
806 gcry_free (key);
807 if (inquire)
808 {
809 rc = inquire_passphrase (ctx, "NEW_PASSPHRASE",
810 (unsigned char **)&key, &keylen);
811 }
812 else
813 {
814 rc = getpin_common (ctx, outfile, PINENTRY_SAVE,
815 (char **)&key, &keylen);
816 }
817
818 if (rc)
819 return rc;
820 }
821 else
822 {
823 salted_key = key;
824 keysize = keylen;
825 cached = 1;
826 }
827 }
828 }
829
830 if (!rc && !cached)
831 {
832 rc = hash_key (algo, crypto->save.hdr.salt,
833 sizeof(crypto->save.hdr.salt), key, keylen, &salted_key,
834 &keysize);
835 gcry_free (key);
836 }
837
838 if (!rc)
839 rc = encrypt_xml (ctx, salted_key, keysize, algo, data, datalen,
840 &enc_xml, &enc_xml_len, &iv, &iv_len,
841 crypto->save.hdr.iterations);
842
843 if (!rc)
844 {
845 memcpy (crypto->save.hdr.iv, iv, iv_len);
846 xfree (iv);
847 crypto->save.hdr.datalen = enc_xml_len;
848 rc = write_file (crypto, outfile, enc_xml, enc_xml_len, NULL, 0, NULL,
849 NULL);
850 gcry_free (enc_xml);
851 if (!rc)
852 {
853 *rkey = salted_key;
854 *rkeylen = keysize;
855 memcpy (&crypto->hdr, &crypto->save.hdr, sizeof (file_header_t));
856 }
857 }
858
859 if (rc)
860 gcry_free (salted_key);
861
862 return rc;
863 }
864
865 #ifdef WITH_LIBACL
866 static void
867 cleanup_acl (void *arg)
868 {
869 acl_t acl = *(acl_t *) arg;
870
871 if (acl)
872 acl_free (acl);
873 }
874 #endif
875
876 gpg_error_t
877 write_file (struct crypto_s *crypto, const char *filename,
878 void *data, size_t data_len, void *sexp, size_t sexp_len,
879 void *pubkey, void *sigpkey)
880 {
881 char tmp[FILENAME_MAX] = { 0 };
882 mode_t mode = 0;
883 struct stat st;
884 int fd;
885 gpg_error_t rc = 0;
886 size_t len;
887 #ifdef WITH_LIBACL
888 acl_t acl = NULL;
889 #endif
890
891 if (filename)
892 {
893 if (lstat (filename, &st) == 0)
894 {
895 mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
896
897 if (!(mode & S_IWUSR))
898 return GPG_ERR_EACCES;
899 }
900 else if (errno != ENOENT)
901 return gpg_error_from_syserror ();
902
903 snprintf (tmp, sizeof (tmp), "%s.XXXXXX", filename);
904 fd = mkstemp (tmp);
905 if (fd == -1)
906 {
907 rc = gpg_error_from_syserror ();
908 log_write ("%s: %s", tmp, pwmd_strerror (rc));
909 return rc;
910 }
911 }
912 else
913 {
914 // xml_import() or convert_file() from command line.
915 fd = STDOUT_FILENO;
916 }
917
918 pthread_cleanup_push (cleanup_unlink_cb, tmp);
919 crypto->save.hdr.version = VERSION_HEX;
920 len = write (fd, &crypto->save.hdr, sizeof (file_header_t));
921 if (len == sizeof (file_header_t))
922 {
923 if (crypto->save.hdr.flags & PWMD_FLAG_PKCS)
924 {
925 unsigned char grip[20];
926
927 gcry_pk_get_keygrip ((gcry_sexp_t) pubkey, grip);
928 len = write (fd, grip, sizeof (grip));
929 if (len == sizeof (grip))
930 {
931 gcry_pk_get_keygrip ((gcry_sexp_t) sigpkey, grip);
932 len = write (fd, grip, sizeof (grip));
933 if (len == sizeof (grip))
934 {
935 len = write (fd, data, data_len);
936 if (len == data_len)
937 {
938 len = write (fd, sexp, sexp_len);
939 if (len != sexp_len)
940 rc = gpg_error_from_syserror ();
941 }
942 else
943 rc = gpg_error_from_syserror ();
944 }
945 }
946 else
947 rc = gpg_error_from_syserror ();
948 }
949 else
950 {
951 len = write (fd, data, data_len);
952 if (len != data_len)
953 rc = gpg_error_from_syserror ();
954 }
955 }
956 else
957 rc = gpg_error_from_syserror ();
958
959 #ifdef WITH_LIBACL
960 pthread_cleanup_push (cleanup_acl, &acl);
961 #endif
962 if (!rc)
963 {
964 if (fsync (fd) != -1)
965 {
966 if (filename && close (fd) != -1)
967 {
968 #ifdef WITH_LIBACL
969 acl = acl_get_file (filename, ACL_TYPE_ACCESS);
970 if (!acl && errno == ENOENT)
971 acl = acl_get_file (".", ACL_TYPE_DEFAULT);
972 if (!acl)
973 log_write ("ACL: %s: %s", filename,
974 pwmd_strerror (gpg_error_from_syserror ()));
975 #endif
976
977 if (mode && config_get_boolean (filename, "backup"))
978 {
979 char tmp2[FILENAME_MAX];
980
981 snprintf (tmp2, sizeof (tmp2), "%s.backup", filename);
982 if (rename (filename, tmp2) == -1)
983 rc = gpg_error_from_syserror ();
984 }
985 }
986 else if (filename)
987 rc = gpg_error_from_syserror ();
988 }
989 else
990 rc = gpg_error_from_syserror ();
991 }
992
993 if (!rc)
994 {
995 if (filename && rename (tmp, filename) != -1)
996 {
997 tmp[0] = 0;
998 if (filename && mode)
999 chmod (filename, mode);
1000
1001 #ifdef WITH_LIBACL
1002 if (acl && acl_set_file (filename, ACL_TYPE_ACCESS, acl))
1003 log_write ("ACL: %s: %s", filename,
1004 pwmd_strerror (gpg_error_from_syserror ()));
1005 #endif
1006 }
1007 else
1008 rc = gpg_error_from_syserror ();
1009 }
1010
1011 #ifdef WITH_LIBACL
1012 pthread_cleanup_pop (1);
1013 #endif
1014 pthread_cleanup_pop (rc ? 1 : 0); // unlink
1015 return rc;
1016 }
1017
1018 gpg_error_t
1019 hash_key (int algo, unsigned char *salt, size_t salt_len, const void *key,
1020 size_t keylen, void **result, size_t *rlen)
1021 {
1022 gpg_error_t rc;
1023 void *tmp;
1024
1025 /* Be sure the algorithm is available. */
1026 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, rlen);
1027 if (rc)
1028 return rc;
1029
1030 /* Always allocate enough for a 256-bit key although the algorithms
1031 themselves may use less. Fixes SAVE --cipher with a different
1032 keylen than the previously saved cipher when cached. */
1033 *rlen = 32;
1034 tmp = xmalloc (*rlen);
1035 if (!tmp)
1036 return GPG_ERR_ENOMEM;
1037
1038 rc = gcry_kdf_derive(key, keylen, GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA1,
1039 salt, salt_len, DEFAULT_KDFS2K_ITERATIONS, *rlen, tmp);
1040 if (!rc)
1041 *result = tmp;
1042 else
1043 xfree (tmp);
1044
1045 return rc;
1046 }
1047
1048 gpg_error_t
1049 change_passwd (assuan_context_t ctx, const char *filename, int inquire,
1050 struct crypto_s **rcrypto)
1051 {
1052 unsigned char *key = NULL;
1053 size_t keylen = 0;
1054 struct crypto_s *crypto = NULL;
1055 gpg_error_t rc = init_client_crypto (&crypto);
1056
1057 if (rc)
1058 return rc;
1059
1060 crypto->client_ctx = ctx;
1061 rc = read_data_file (filename, crypto);
1062 if (rc)
1063 {
1064 cleanup_crypto (&crypto);
1065 return rc;
1066 }
1067
1068 rc = decrypt_common (ctx, inquire, crypto, filename, (char **)&key, &keylen);
1069 gcry_free (key);
1070 key = NULL;
1071 if (rc)
1072 {
1073 cleanup_crypto (&crypto);
1074 return rc;
1075 }
1076
1077 if (!rc)
1078 {
1079 memcpy (&crypto->save.hdr, &crypto->hdr, sizeof (file_header_t));
1080 rc = export_common (ctx, inquire, crypto, crypto->plaintext,
1081 crypto->plaintext_len, crypto->filename, NULL,
1082 (void **)&key, &keylen, 0, 0);
1083 }
1084
1085 if (!rc)
1086 {
1087 int cached;
1088
1089 rc = save_common (filename, crypto, crypto->plaintext,
1090 crypto->plaintext_len, key, keylen, &cached, 1);
1091 if (!rc)
1092 *rcrypto = crypto;
1093 }
1094
1095 if (rc)
1096 {
1097 gcry_free (key);
1098 cleanup_crypto (&crypto);
1099 }
1100
1101 return rc;
1102 }
1103
1104 // FIXME gcry_sexp_t is updated in cdata. make a temp var in case of failure.
1105 gpg_error_t
1106 save_common (const char *filename, struct crypto_s *crypto,
1107 const unsigned char *data, size_t datalen,
1108 const unsigned char *key, size_t keylen, int *cached, int no_agent)
1109 {
1110 struct cache_data_s *cdata;
1111 gpg_error_t rc;
1112
1113 /* This is safe since it is a fast operation. */
1114 cache_lock ();
1115 pthread_cleanup_push (cleanup_cache_mutex, NULL);
1116 cdata = cache_get_data_filename (filename);
1117 *cached = cdata != NULL;
1118
1119 if (!cdata)
1120 cdata = xcalloc (1, sizeof (struct cache_data_s));
1121
1122 #ifdef WITH_AGENT
1123 if (use_agent && !no_agent)
1124 {
1125 /* Update in case of any --keygrip argument */
1126 if (cdata->pubkey)
1127 gcry_sexp_release (cdata->pubkey);
1128
1129 gcry_sexp_build ((gcry_sexp_t *) & cdata->pubkey, NULL, "%S",
1130 crypto->pkey_sexp);
1131
1132 if (cdata->sigkey)
1133 gcry_sexp_release (cdata->sigkey);
1134
1135 gcry_sexp_build ((gcry_sexp_t *) & cdata->sigkey, NULL, "%S",
1136 crypto->sigpkey_sexp);
1137 }
1138 #endif
1139
1140 gcry_free (cdata->doc);
1141 cdata->doc = NULL;
1142 cdata->key = (unsigned char *)key;
1143 cdata->keylen = keylen;
1144 rc = encrypt_xml (NULL, cache_key, cache_keysize, GCRY_CIPHER_AES, data,
1145 datalen, &cdata->doc, &cdata->doclen, &cache_iv,
1146 &cache_blocksize, 0);
1147 if (!rc)
1148 {
1149 unsigned char md5file[16];
1150
1151 gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
1152 rc = cache_set_data (md5file, cdata, crypto->grip);
1153 }
1154
1155 pthread_cleanup_pop (1); // mutex unlock
1156 return rc;
1157 }
1158
1159 gpg_error_t
1160 getpin_common (assuan_context_t ctx, const char *filename, int which,
1161 char **rkey, size_t *rkeylen)
1162 {
1163 gpg_error_t rc;
1164 struct client_s *client = assuan_get_pointer (ctx);
1165 struct pinentry_s *pin = pinentry_init (filename);
1166
1167 if (!pin)
1168 return GPG_ERR_ENOMEM;
1169
1170 pinentry_merge_options (&pin->pinentry_opts, &client->pinentry_opts);
1171 rc = pinentry_lock (ctx, pin);
1172 if (!rc)
1173 rc = pinentry_getpin (pin, rkey, which);
1174
1175 pinentry_deinit (pin);
1176 if (rc)
1177 return rc;
1178
1179 *rkeylen = strlen (*rkey);
1180 if (!(*rkeylen))
1181 (*rkeylen)++;
1182
1183 return rc;
1184 }
1185
1186 /* Note: 'key' is freed with gcry_free() and not xfree(). Although
1187 * both call xfree(). */
1188 gpg_error_t
1189 inquire_passphrase (assuan_context_t ctx, const char *keyword,
1190 unsigned char **result, size_t *rlen)
1191 {
1192 gpg_error_t rc;
1193
1194 assuan_begin_confidential (ctx);
1195 rc = assuan_inquire (ctx, keyword, result, rlen, 0);
1196 assuan_end_confidential (ctx);
1197 return rc;
1198 }
1199
1200 gpg_error_t
1201 decrypt_common (assuan_context_t ctx, int inquire, struct crypto_s *crypto,
1202 const char *filename, char **rkey, size_t *rkeylen)
1203 {
1204 char *key = NULL;
1205 size_t keylen = 0;
1206 gpg_error_t rc = read_data_file (filename, crypto);
1207 int algo = cipher_to_gcrypt (crypto->hdr.flags);
1208 void *salted_key = NULL;
1209 size_t keysize = 0;
1210
1211 if (rc)
1212 {
1213 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1214 return rc;
1215 }
1216
1217 key = config_get_string (filename, "passphrase");
1218 if (key)
1219 {
1220 log_write (_("Trying the passphrase specified in config ..."));
1221 keylen = strlen (key);
1222 }
1223
1224 if (!key)
1225 {
1226 key = config_get_string (filename, "passphrase_file");
1227 if (key)
1228 {
1229 char *tmp = expand_homedir (key);
1230 int fd;
1231 struct stat st;
1232
1233 xfree (key);
1234 key = tmp;
1235 log_write (_("Trying the passphrase using file '%s' ..."), key);
1236 fd = open (key, O_RDONLY);
1237 if (fd == -1)
1238 {
1239 log_write ("%s: %s", key,
1240 pwmd_strerror (gpg_error_from_syserror ()));
1241 xfree (key);
1242 return rc;
1243 }
1244
1245 stat (key, &st);
1246 xfree (key);
1247 key = xmalloc (st.st_size);
1248 if (key)
1249 {
1250 if (read (fd, key, st.st_size) != st.st_size)
1251 {
1252 log_write ("short read() count");
1253 rc = GPG_ERR_TOO_SHORT;
1254 }
1255 }
1256 else
1257 rc = GPG_ERR_ENOMEM;
1258
1259 close (fd);
1260
1261 if (rc)
1262 {
1263 log_write ("%s", pwmd_strerror (rc));
1264 xfree (key);
1265 return rc;
1266 }
1267
1268 keylen = st.st_size;
1269 if (!keylen)
1270 {
1271 tmp = xmalloc (1);
1272 *tmp = 0;
1273 xfree (key);
1274 key = tmp;
1275 keylen++;
1276 }
1277 }
1278 }
1279
1280 if (!key && !IS_PKCS (crypto) && inquire)
1281 {
1282 rc = inquire_passphrase (ctx, "PASSPHRASE", (unsigned char **)&key,
1283 &keylen);
1284 if (rc)
1285 {
1286 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1287 return rc;
1288 }
1289
1290 if (!keylen)
1291 keylen++;
1292 }
1293 else if (!key && !IS_PKCS (crypto))
1294 {
1295 rc = getpin_common (ctx, filename, PINENTRY_OPEN, &key, &keylen);
1296 if (rc)
1297 {
1298 log_write ("%s", pwmd_strerror (rc));
1299 return rc;
1300 }
1301 }
1302 #ifdef WITH_AGENT
1303 else if (key && IS_PKCS (crypto))
1304 {
1305 rc = set_agent_passphrase (crypto, key, keylen);
1306 if (rc)
1307 {
1308 xfree (key);
1309 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1310 return rc;
1311 }
1312 }
1313 #endif
1314
1315 if (key && !IS_PKCS (crypto))
1316 {
1317 rc = hash_key (algo, crypto->hdr.salt, sizeof(crypto->hdr.salt), key,
1318 keylen, &salted_key, &keysize);
1319 xfree (key);
1320 key = (char *)salted_key;
1321 keylen = keysize;
1322 if (rc)
1323 {
1324 xfree (salted_key);
1325 return rc;
1326 }
1327 }
1328
1329 xfree (crypto->filename);
1330 crypto->filename = str_dup (filename);
1331 rc = decrypt_data (NULL, crypto, (unsigned char *)key, keylen);
1332 if (rc)
1333 {
1334 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1335 xfree (key);
1336 }
1337 else
1338 {
1339 *rkey = key;
1340 *rkeylen = keylen;
1341 }
1342
1343 return rc;
1344 }
A server for managing passphrases and anything else.