2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
29 #include <netinet/in.h>
30 #include <arpa/inet.h>
36 #include "pwmd-error.h"
37 #include "util-misc.h"
44 #include "util-string.h"
46 static uint8_t pwmd_magic
[5] = { '\177', 'P', 'W', 'M', 'D' };
48 /* Sets the default cipher values for new files. */
50 set_header_defaults (file_header_t
* hdr
)
52 char *s
= config_get_string (NULL
, "cipher");
53 int flags
= cipher_string_to_cipher (s
);
56 memset (hdr
, 0, sizeof (file_header_t
));
57 memcpy (hdr
->magic
, pwmd_magic
, sizeof (hdr
->magic
));
60 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
61 hdr
->flags
= flags
== -1 ? PWMD_CIPHER_AES256
: flags
;
62 hdr
->version
= VERSION_HEX
;
66 hdr
->flags
|= PWMD_FLAG_PKI
;
71 read_header (file_header_t
*hdr
, int fd
)
77 #ifdef WORDS_BIGENDIAN
78 len
= read (fd
, &hdr
->magic
, sizeof(hdr
->magic
));
82 len
= read (fd
, &hdr
->version
, sizeof(hdr
->version
));
86 len
= read (fd
, &hdr
->iterations
, sizeof(hdr
->iterations
));
90 len
= read (fd
, &hdr
->flags
, sizeof(hdr
->flags
));
94 len
= read (fd
, &hdr
->iv
, sizeof(hdr
->iv
));
98 len
= read (fd
, &hdr
->salt
, sizeof(hdr
->salt
));
102 len
= read (fd
, &hdr
->datalen
, sizeof(hdr
->datalen
));
106 len
= read (fd
, &hdr
->magic
, sizeof(hdr
->magic
));
110 len
= read (fd
, &i
, sizeof(hdr
->version
));
113 hdr
->version
= ntohl (i
);
115 len
= read (fd
, &n
, sizeof(hdr
->iterations
));
118 hdr
->iterations
= (((uint64_t) ntohl (n
)) << 32) + ntohl (n
>> 32);
120 len
= read (fd
, &n
, sizeof(hdr
->flags
));
123 hdr
->flags
= (((uint64_t) ntohl (n
)) << 32) + ntohl (n
>> 32);
125 len
= read (fd
, &hdr
->iv
, sizeof(hdr
->iv
));
129 len
= read (fd
, &hdr
->salt
, sizeof(hdr
->salt
));
133 len
= read (fd
, &i
, sizeof(hdr
->datalen
));
136 hdr
->datalen
= ntohl (i
);
140 return len
== -1 ? gpg_error_from_errno (errno
) : 0;
143 /* Read the header of a data file to determine cipher and other. The
144 * header is stored big endian in the file and is converted to little
145 * endian when needed. */
147 read_data_header (const char *filename
, file_header_t
* rhdr
,
148 struct stat
*rst
, int *rfd
)
155 if (lstat (filename
, &st
) == -1)
156 return gpg_error_from_errno (errno
);
158 if (!S_ISREG (st
.st_mode
))
159 return gpg_error (GPG_ERR_ENOANO
);
161 fd
= open (filename
, O_RDONLY
);
163 return gpg_error_from_errno (errno
);
165 rc
= read_header (&hdr
, fd
);
166 if (!rc
&& memcmp (hdr
.magic
, pwmd_magic
, sizeof (hdr
.magic
)))
167 rc
= GPG_ERR_BAD_DATA
;
168 else if (!rc
&& hdr
.version
< 0x030000)
169 rc
= GPG_ERR_UNKNOWN_VERSION
;
185 return gpg_error (rc
);
189 read_data_file (const char *filename
, struct crypto_s
* crypto
)
197 cleanup_crypto_stage1 (crypto
);
198 rc
= read_data_header (filename
, &crypto
->hdr
, &st
, &fd
);
200 return gpg_error (rc
);
202 crypto
->ciphertext_len
= crypto
->hdr
.datalen
;
203 crypto
->ciphertext
= xmalloc (crypto
->hdr
.datalen
);
204 if (!crypto
->ciphertext
)
210 /* The keygrips for PKI files are stored after the header. They are
211 * stored in the file to let file(1) magic(5) show the grips. */
212 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
214 rlen
= read (fd
, crypto
->grip
, 20);
217 rc
= rc
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
221 rlen
= read (fd
, crypto
->sign_grip
, 20);
224 rc
= rc
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
229 len
= read (fd
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
230 if (len
!= crypto
->hdr
.datalen
)
232 rc
= rc
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
236 if (!(crypto
->hdr
.flags
& PWMD_FLAG_PKI
))
241 rc
= GPG_ERR_NOT_IMPLEMENTED
;
246 len
= st
.st_size
- sizeof (file_header_t
) - crypto
->hdr
.datalen
- 40;
254 /* Remaining data file bytes are the encrypted key and XML. */
255 rlen
= read (fd
, buf
, len
);
258 rc
= rc
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
262 rc
= gcry_sexp_new (&crypto
->ciphertext_sexp
, buf
, rlen
, 1);
266 if (crypto
->pkey_sexp
)
267 gcry_sexp_release (crypto
->pkey_sexp
);
269 if (crypto
->sigpkey_sexp
)
270 gcry_sexp_release (crypto
->sigpkey_sexp
);
272 crypto
->pkey_sexp
= crypto
->sigpkey_sexp
= NULL
;
273 rc
= get_pubkey_bin (crypto
, crypto
->grip
, &crypto
->pkey_sexp
);
275 rc
= get_pubkey_bin (crypto
, crypto
->sign_grip
, &crypto
->sigpkey_sexp
);
281 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
287 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
290 * Useful for a large amount of data. Rather than doing all of the data in one
291 * iteration do it in chunks. This lets the command be cancelable rather than
292 * waiting for it to complete.
295 iterate_crypto_once (gcry_cipher_hd_t h
, unsigned char *inbuf
,
296 size_t insize
, size_t blocksize
, status_msg_t which
)
299 off_t len
= CRYPTO_BLOCKSIZE (blocksize
);
300 void *p
= gcry_malloc (len
);
302 unsigned char *inbuf2
;
305 return gpg_error (GPG_ERR_ENOMEM
);
307 if (insize
< CRYPTO_BLOCKSIZE (blocksize
))
310 pthread_cleanup_push (gcry_free
, p
);
314 inbuf2
= inbuf
+ total
;
317 if (len
+ total
> insize
)
320 if (which
== STATUS_ENCRYPT
)
321 rc
= gcry_cipher_encrypt (h
, p
, len
, inbuf2
, len
);
323 rc
= gcry_cipher_decrypt (h
, p
, len
, inbuf2
, len
);
329 memmove (tmp
, p
, len
);
334 #ifdef HAVE_PTHREAD_TESTCANCEL
335 pthread_testcancel ();
339 pthread_cleanup_pop (1);
340 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
347 cleanup_cipher (void *arg
)
349 gcry_cipher_close ((gcry_cipher_hd_t
) arg
);
352 /* Decrypt the XML data. For PKI data files the key is retrieved from
353 * gpg-agent and the signature verified. */
355 decrypt_data (assuan_context_t ctx
, struct crypto_s
*crypto
,
356 unsigned char *salted_key
, size_t skeylen
)
359 unsigned char *key
= salted_key
;
360 gcry_cipher_hd_t h
= NULL
;
361 size_t blocksize
, keysize
= 0;
362 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
364 uint64_t n
= crypto
->hdr
.iterations
;
367 size_t keylen
= skeylen
;
368 gcry_sexp_t sig_sexp
;
370 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
372 rc
= agent_extract_key (crypto
, &key
, &keylen
);
376 sig_sexp
= gcry_sexp_find_token (crypto
->ciphertext_sexp
, "sig-val", 0);
380 return GPG_ERR_BAD_DATA
;
383 rc
= agent_verify (crypto
->sigpkey_sexp
, sig_sexp
, crypto
->ciphertext
,
384 crypto
->ciphertext_len
);
385 gcry_sexp_release (sig_sexp
);
391 rc
= gcry_cipher_open (&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
394 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
,
398 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_BLKLEN
, NULL
,
402 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
, blocksize
);
405 rc
= gcry_cipher_setkey (h
, key
, keysize
);
412 pthread_cleanup_push (cleanup_cipher
, rc
? NULL
: h
);
416 outbuf
= gcry_malloc (crypto
->hdr
.datalen
);
421 pthread_cleanup_push (gcry_free
, outbuf
);
423 pthread_cleanup_push (gcry_free
, key
);
428 memcpy (outbuf
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
429 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
434 rc
= gcry_cipher_setkey (h
, key
, keysize
);
440 progress
= config_get_long (NULL
, "cipher_progress");
442 progress
= strtol (DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
445 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
446 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", 0,
447 crypto
->hdr
.iterations
);
449 for (n
= 0; !rc
&& n
< crypto
->hdr
.iterations
; n
++)
451 if (ctx
&& !(n
% progress
))
453 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
454 crypto
->hdr
.iterations
);
459 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
, blocksize
);
463 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
467 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
468 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
469 crypto
->hdr
.iterations
);
472 pthread_cleanup_pop (0);
473 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
480 pthread_cleanup_pop (rc
? 1 : 0); /* outbuf */
481 pthread_cleanup_pop (1); /* cipher */
484 char buf
[] = "<?xml ";
486 if (memcmp (outbuf
, buf
, sizeof(buf
)-1))
489 return gpg_error (GPG_ERR_BAD_PASSPHRASE
);
492 crypto
->plaintext
= outbuf
;
493 crypto
->plaintext_len
= crypto
->hdr
.datalen
;
496 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
502 /* The cached document is encrypted with encrypt_xml(). This decrypts
503 * it from the OPEN command. */
505 decrypt_cache (struct crypto_s
* crypto
, const void *data
, size_t len
)
507 gcry_cipher_hd_t h
= NULL
;
510 rc
= gcry_cipher_open (&h
, GCRY_CIPHER_AES
, GCRY_CIPHER_MODE_CBC
, 0);
514 gcry_free (crypto
->plaintext
);
515 crypto
->plaintext
= gcry_malloc (len
);
516 if (!crypto
->plaintext
)
522 rc
= gcry_cipher_setiv (h
, cache_iv
, cache_blocksize
);
526 rc
= gcry_cipher_setkey (h
, cache_key
, cache_keysize
);
530 rc
= gcry_cipher_decrypt (h
, crypto
->plaintext
, len
, data
, len
);
531 if (rc
|| strncmp (crypto
->plaintext
, "<?xml ", 6))
534 rc
= GPG_ERR_BAD_DATA
;
536 gcry_free (crypto
->plaintext
);
537 crypto
->plaintext
= NULL
;
540 crypto
->plaintext_len
= len
;
544 gcry_cipher_close (h
);
549 /* Encrypt the XML data and set 'result'. At least one encryption
550 * iteration is done. */
552 encrypt_xml (assuan_context_t ctx
, void *key
, size_t keylen
,
553 int algo
, const void *xml
, size_t len
, void * *result
,
554 size_t *result_len
, unsigned char **iv
, size_t * iv_len
,
559 size_t blocksize
, keysize
;
564 unsigned char *tmpkey
= NULL
;
565 int init_iv
= *(iv_len
) == 0;
567 rc
= gcry_cipher_open (&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
571 pthread_cleanup_push (cleanup_cipher
, h
);
572 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
574 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_BLKLEN
, NULL
, &blocksize
);
578 *(iv
) = xmalloc (blocksize
);
582 gcry_create_nonce (*(iv
), blocksize
);
590 tmpkey
= gcry_malloc (keysize
);
595 pthread_cleanup_push (gcry_free
, tmpkey
);
599 memcpy (tmpkey
, key
, keysize
);
601 rc
= gcry_cipher_setkey (h
, tmpkey
, keysize
);
605 len
+= blocksize
- (len
% blocksize
);
611 inbuf
= gcry_malloc (len
);
616 pthread_cleanup_push (gcry_free
, inbuf
);
620 memset (inbuf
, 0, len
);
621 memcpy (inbuf
, xml
, olen
);
622 progress
= config_get_long (NULL
, "cipher_progress");
624 progress
= strtol (DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
626 if (!rc
&& ctx
&& iter
)
627 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", 0, iter
);
629 for (n
= 0; !rc
&& n
< iter
; n
++)
631 if (ctx
&& !(n
% progress
))
633 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
638 rc
= gcry_cipher_setiv (h
, *(iv
), blocksize
);
642 rc
= iterate_crypto_once (h
, inbuf
, len
, blocksize
, STATUS_ENCRYPT
);
646 if (!rc
&& ctx
&& iter
)
647 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
651 /* Do at least one iteration. */
652 rc
= gcry_cipher_setiv (h
, *(iv
), blocksize
);
655 rc
= gcry_cipher_setkey (h
, key
, keysize
);
657 rc
= iterate_crypto_once (h
, inbuf
, len
, blocksize
,
662 pthread_cleanup_pop (rc
? 1 : 0); /* inbuf */
663 pthread_cleanup_pop (1); /* tmpkey */
664 pthread_cleanup_pop (1); /* cipher */
672 *result
= rc
? NULL
: inbuf
;
678 cleanup_save (struct save_s
*save
)
685 gcry_sexp_release (save
->pkey
);
688 gcry_sexp_release (save
->sigpkey
);
691 memset (save
, 0, sizeof (struct save_s
));
694 /* Keep the agent ctx to retain pinentry options which will be freed in
695 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
697 cleanup_crypto_stage1 (struct crypto_s
*cr
)
702 cleanup_save (&cr
->save
);
705 if (cr
->ciphertext_sexp
)
706 gcry_sexp_release (cr
->ciphertext_sexp
);
708 cr
->ciphertext_sexp
= NULL
;
711 gcry_free (cr
->plaintext
);
712 xfree (cr
->ciphertext
);
713 xfree (cr
->filename
);
715 cr
->ciphertext
= NULL
;
716 cr
->ciphertext_len
= 0;
717 cr
->plaintext
= NULL
;
718 cr
->plaintext_len
= 0;
722 cleanup_crypto_stage2 (struct crypto_s
*cr
)
727 cleanup_crypto_stage1 (cr
);
728 set_header_defaults (&cr
->hdr
);
732 cleanup_crypto (struct crypto_s
**c
)
734 struct crypto_s
*cr
= *c
;
739 cleanup_crypto_stage2 (cr
);
743 gcry_sexp_release (cr
->pkey_sexp
);
745 if (cr
->sigpkey_sexp
)
746 gcry_sexp_release (cr
->sigpkey_sexp
);
749 cleanup_agent (cr
->agent
);
757 init_client_crypto (struct crypto_s
**crypto
)
759 struct crypto_s
*new = xcalloc (1, sizeof (struct crypto_s
));
771 rc
= agent_init (&new->agent
);
774 rc
= send_agent_common_options (new->agent
);
776 rc
= agent_set_pinentry_options (new->agent
);
781 cleanup_agent (new->agent
);
788 set_header_defaults (&new->hdr
);
794 try_decrypt (assuan_context_t ctx
, int inquire
, struct crypto_s
*crypto
,
795 const char *filename
, char **key
, size_t *keylen
)
800 char *pin_title
= NULL
;
801 struct client_s
*client
= ctx
? assuan_get_pointer (ctx
) : NULL
;
805 rc
= decrypt_common (ctx
, inquire
, crypto
, filename
, key
, keylen
);
806 if (gpg_err_code (rc
) == GPG_ERR_BAD_PASSPHRASE
&& ctx
)
809 pin_title
= client
->pinentry_opts
.title
;
811 client
->pinentry_opts
.title
= str_asprintf (_ ("Bad passphrase (try %i of %i)"), pin_try
+1, pin_tries
);
814 while (!inquire
&& gpg_err_code (rc
) == GPG_ERR_BAD_PASSPHRASE
815 && ++pin_try
<= pin_tries
);
817 if (ctx
&& pin_title
!= client
->pinentry_opts
.title
)
819 xfree (client
->pinentry_opts
.title
);
820 client
->pinentry_opts
.title
= pin_title
;
826 /* Common to both PKI and non-PKI files when saving a data
827 * file. Defers to gpg-agent when needed and handles keyfiles. */
829 export_common (assuan_context_t ctx
, int inquire
, struct crypto_s
* crypto
,
830 const void *data
, size_t datalen
, const char *outfile
,
831 const char *keyfile
, void **rkey
, size_t *rkeylen
,
832 int use_cache
, int force
, int no_passphrase
)
835 void *enc_xml
= NULL
;
836 size_t enc_xml_len
= 0;
837 unsigned char *iv
= NULL
;
839 int algo
= cipher_to_gcrypt (crypto
->save
.hdr
.flags
);
840 void *key
= NULL
, *salted_key
= NULL
;
841 size_t keysize
, keylen
;
844 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
855 if (stat (keyfile
, &st
) == -1)
856 return gpg_error_from_errno (errno
);
858 buf
= gcry_malloc (st
.st_size
);
860 return GPG_ERR_ENOMEM
;
862 fd
= open (keyfile
, O_RDONLY
);
864 rc
= gpg_error_from_errno (errno
);
867 len
= read (fd
, buf
, st
.st_size
);
868 if (len
!= st
.st_size
)
869 rc
= GPG_ERR_TOO_SHORT
;
877 log_write (_("Using passphrase obtained from file '%s'"), keyfile
);
884 tmp
= gcry_malloc (1);
897 rc
= cache_iscached (outfile
, &defer
);
900 else if (gpg_err_code (rc
) == GPG_ERR_ENOENT
901 || gpg_err_code (rc
) == GPG_ERR_NO_DATA
)
906 struct cache_data_s
*cdata
= cache_get_data_filename (outfile
);
908 salted_key
= gcry_malloc (cdata
->keylen
);
911 memcpy (salted_key
, cdata
->key
, cdata
->keylen
);
912 keysize
= cdata
->keylen
;
925 struct crypto_s
*tmp
= NULL
;
926 gpg_error_t rc
= init_client_crypto (&tmp
);
930 rc
= read_data_file (outfile
, tmp
);
933 rc
= try_decrypt (ctx
, inquire
, tmp
, outfile
,
934 (char **)&key
, &keylen
);
940 cleanup_crypto (&tmp
);
941 if (rc
&& gpg_err_code (rc
) == GPG_ERR_ENOENT
)
947 if (!use_cache
&& !no_passphrase
) // PASSWD or new file
952 rc
= inquire_passphrase (ctx
, "NEW_PASSPHRASE",
953 (unsigned char **)&key
, &keylen
);
957 rc
= getpin_common (ctx
, outfile
, PINENTRY_SAVE
,
958 (char **)&key
, &keylen
);
969 key
= gcry_malloc (keylen
);
970 memset (key
, 0, keylen
);
984 rc
= hash_key (algo
, crypto
->save
.hdr
.salt
,
985 sizeof(crypto
->save
.hdr
.salt
), key
, keylen
, &salted_key
,
991 rc
= encrypt_xml (ctx
, salted_key
, keysize
, algo
, data
, datalen
,
992 &enc_xml
, &enc_xml_len
, &iv
, &iv_len
,
993 crypto
->save
.hdr
.iterations
);
997 if (no_passphrase
&& !(crypto
->save
.hdr
.flags
& PWMD_FLAG_PKI
))
998 crypto
->save
.hdr
.flags
|= PWMD_FLAG_NO_PASSPHRASE
;
1000 memcpy (crypto
->save
.hdr
.iv
, iv
, iv_len
);
1002 crypto
->save
.hdr
.datalen
= enc_xml_len
;
1003 rc
= write_file (crypto
, outfile
, enc_xml
, enc_xml_len
, NULL
, 0, NULL
,
1005 gcry_free (enc_xml
);
1010 memcpy (&crypto
->hdr
, &crypto
->save
.hdr
, sizeof (file_header_t
));
1015 gcry_free (salted_key
);
1022 cleanup_acl (void *arg
)
1024 acl_t acl
= *(acl_t
*) arg
;
1032 write_header (struct crypto_s
*crypto
, int fd
)
1038 #ifdef WORDS_BIGENDIAN
1039 len
= write (fd
, &crypto
->save
.hdr
.magic
, sizeof(crypto
->save
.hdr
.magic
));
1043 len
= write (fd
, &crypto
->save
.hdr
.version
, sizeof(crypto
->save
.hdr
.version
));
1047 len
= write (fd
, &crypto
->save
.hdr
.iterations
,
1048 sizeof(crypto
->save
.hdr
.iterations
));
1052 len
= write (fd
, &crypto
->save
.hdr
.flags
, sizeof(crypto
->save
.hdr
.flags
));
1056 len
= write (fd
, &crypto
->save
.hdr
.iv
, sizeof(crypto
->save
.hdr
.iv
));
1060 len
= write (fd
, &crypto
->save
.hdr
.salt
, sizeof(crypto
->save
.hdr
.salt
));
1064 len
= write (fd
, &crypto
->save
.hdr
.datalen
, sizeof(crypto
->save
.hdr
.datalen
));
1068 len
= write (fd
, &crypto
->save
.hdr
.magic
, sizeof(crypto
->save
.hdr
.magic
));
1072 i
= htonl (crypto
->save
.hdr
.version
);
1073 len
= write (fd
, &i
, sizeof(i
));
1077 n
= crypto
->save
.hdr
.iterations
;
1078 x
= (((uint64_t) htonl (n
)) << 32) + htonl (n
>> 32);
1079 len
= write (fd
, &x
, sizeof(x
));
1083 n
= crypto
->save
.hdr
.flags
;
1084 x
= (((uint64_t) htonl (n
)) << 32) + htonl (n
>> 32);
1085 len
= write (fd
, &x
, sizeof(x
));
1089 len
= write (fd
, &crypto
->save
.hdr
.iv
, sizeof(crypto
->save
.hdr
.iv
));
1093 len
= write (fd
, &crypto
->save
.hdr
.salt
, sizeof(crypto
->save
.hdr
.salt
));
1097 i
= htonl (crypto
->save
.hdr
.datalen
);
1098 len
= write (fd
, &i
, sizeof(i
));
1104 return len
== -1 ? gpg_error_from_errno (errno
) : 0;
1107 /* Write the data structures to disk. */
1109 write_file (struct crypto_s
*crypto
, const char *filename
,
1110 void *data
, size_t data_len
, void *sexp
, size_t sexp_len
,
1111 void *pubkey
, void *sigpkey
)
1113 char tmp
[FILENAME_MAX
] = { 0 };
1125 if (lstat (filename
, &st
) == 0)
1127 mode
= st
.st_mode
& (S_IRWXU
| S_IRWXG
| S_IRWXO
);
1129 if (!(mode
& S_IWUSR
))
1130 return GPG_ERR_EACCES
;
1132 else if (errno
!= ENOENT
)
1133 return gpg_error_from_errno (errno
);
1135 snprintf (tmp
, sizeof (tmp
), "%s.XXXXXX", filename
);
1139 rc
= gpg_error_from_errno (errno
);
1140 log_write ("%s: %s", tmp
, pwmd_strerror (rc
));
1146 // xml_import() or convert_file() from command line.
1150 pthread_cleanup_push (cleanup_unlink_cb
, tmp
);
1151 crypto
->save
.hdr
.version
= VERSION_HEX
;
1152 rc
= write_header (crypto
, fd
);
1155 if (crypto
->save
.hdr
.flags
& PWMD_FLAG_PKI
)
1157 unsigned char grip
[20];
1159 gcry_pk_get_keygrip ((gcry_sexp_t
) pubkey
, grip
);
1160 len
= write (fd
, grip
, sizeof (grip
));
1161 if (len
== sizeof (grip
))
1163 gcry_pk_get_keygrip ((gcry_sexp_t
) sigpkey
, grip
);
1164 len
= write (fd
, grip
, sizeof (grip
));
1165 if (len
== sizeof (grip
))
1167 len
= write (fd
, data
, data_len
);
1168 if (len
== data_len
)
1170 len
= write (fd
, sexp
, sexp_len
);
1171 if (len
!= sexp_len
)
1172 rc
= gpg_error_from_errno (errno
);
1175 rc
= gpg_error_from_errno (errno
);
1179 rc
= gpg_error_from_errno (errno
);
1183 len
= write (fd
, data
, data_len
);
1184 if (len
!= data_len
)
1185 rc
= gpg_error_from_errno (errno
);
1190 pthread_cleanup_push (cleanup_acl
, &acl
);
1194 if (fsync (fd
) != -1)
1196 if (filename
&& close (fd
) != -1)
1199 acl
= acl_get_file (filename
, ACL_TYPE_ACCESS
);
1200 if (!acl
&& errno
== ENOENT
)
1201 acl
= acl_get_file (".", ACL_TYPE_DEFAULT
);
1203 log_write ("ACL: %s: %s", filename
,
1204 pwmd_strerror (gpg_error_from_errno (errno
)));
1207 if (mode
&& config_get_boolean (filename
, "backup"))
1209 char tmp2
[FILENAME_MAX
];
1211 snprintf (tmp2
, sizeof (tmp2
), "%s.backup", filename
);
1212 if (rename (filename
, tmp2
) == -1)
1213 rc
= gpg_error_from_errno (errno
);
1217 rc
= gpg_error_from_errno (errno
);
1220 rc
= gpg_error_from_errno (errno
);
1225 if (filename
&& rename (tmp
, filename
) != -1)
1228 if (filename
&& mode
)
1229 chmod (filename
, mode
);
1232 if (acl
&& acl_set_file (filename
, ACL_TYPE_ACCESS
, acl
))
1233 log_write ("ACL: %s: %s", filename
,
1234 pwmd_strerror (gpg_error_from_errno (errno
)));
1238 rc
= gpg_error_from_errno (errno
);
1242 pthread_cleanup_pop (1);
1244 pthread_cleanup_pop (rc
? 1 : 0); // unlink
1249 hash_key (int algo
, unsigned char *salt
, size_t salt_len
, const void *key
,
1250 size_t keylen
, void **result
, size_t *rlen
)
1255 /* Be sure the algorithm is available. */
1256 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, rlen
);
1260 /* Always allocate enough for a 256-bit key although the algorithms
1261 themselves may use less. Fixes SAVE --cipher with a different
1262 keylen than the previously saved cipher when cached. */
1264 tmp
= xmalloc (*rlen
);
1266 return GPG_ERR_ENOMEM
;
1268 rc
= gcry_kdf_derive(key
, keylen
, GCRY_KDF_ITERSALTED_S2K
, GCRY_MD_SHA1
,
1269 salt
, salt_len
, DEFAULT_KDFS2K_ITERATIONS
, *rlen
, tmp
);
1278 /* The PASSWD command when not using gpg-agent. */
1280 change_passwd (assuan_context_t ctx
, const char *filename
, int inquire
,
1281 struct crypto_s
**rcrypto
, int no_passphrase
)
1283 unsigned char *key
= NULL
;
1285 struct crypto_s
*crypto
= NULL
;
1286 gpg_error_t rc
= init_client_crypto (&crypto
);
1291 crypto
->client_ctx
= ctx
;
1292 rc
= read_data_file (filename
, crypto
);
1295 cleanup_crypto (&crypto
);
1299 rc
= try_decrypt (ctx
, inquire
, crypto
, filename
, (char **)&key
, &keylen
);
1302 cleanup_crypto (&crypto
);
1311 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
1314 crypto
->save
.hdr
.flags
&= ~PWMD_FLAG_NO_PASSPHRASE
;
1316 rc
= export_common (ctx
, inquire
, crypto
, crypto
->plaintext
,
1317 crypto
->plaintext_len
, crypto
->filename
, NULL
,
1318 (void **)&key
, &keylen
, 0, 0, no_passphrase
);
1325 rc
= save_common (filename
, crypto
, crypto
->plaintext
,
1326 crypto
->plaintext_len
, key
, keylen
, &cached
, 1);
1334 cleanup_crypto (&crypto
);
1341 save_common (const char *filename
, struct crypto_s
*crypto
,
1342 const unsigned char *data
, size_t datalen
,
1343 const unsigned char *key
, size_t keylen
, int *cached
, int no_agent
)
1345 struct cache_data_s
*cdata
;
1347 gcry_sexp_t pubkey
= NULL
;
1348 gcry_sexp_t sigkey
= NULL
;
1350 /* This is safe since it is a (somewhat) fast operation. */
1352 pthread_cleanup_push (cleanup_cache_mutex
, NULL
);
1353 cdata
= cache_get_data_filename (filename
);
1354 *cached
= cdata
!= NULL
;
1357 cdata
= xcalloc (1, sizeof (struct cache_data_s
));
1360 if (use_agent
&& !no_agent
)
1362 rc
= gcry_sexp_build (&pubkey
, NULL
, "%S", crypto
->pkey_sexp
);
1364 rc
= gcry_sexp_build (&sigkey
, NULL
, "%S", crypto
->sigpkey_sexp
);
1370 gcry_free (cdata
->doc
);
1372 gcry_free (cdata
->key
);
1373 cdata
->key
= (unsigned char *)key
;
1374 cdata
->keylen
= keylen
;
1375 rc
= encrypt_xml (NULL
, cache_key
, cache_keysize
, GCRY_CIPHER_AES
, data
,
1376 datalen
, &cdata
->doc
, &cdata
->doclen
, &cache_iv
,
1377 &cache_blocksize
, 0);
1382 unsigned char md5file
[16];
1384 /* Update in case of any --keygrip argument */
1386 gcry_sexp_release (cdata
->pubkey
);
1389 gcry_sexp_release (cdata
->sigkey
);
1391 cdata
->pubkey
= pubkey
;
1392 cdata
->sigkey
= sigkey
;
1393 gcry_md_hash_buffer (GCRY_MD_MD5
, md5file
, filename
, strlen (filename
));
1394 rc
= cache_set_data (md5file
, cdata
, crypto
->grip
);
1399 gcry_sexp_release (pubkey
);
1402 gcry_sexp_release (sigkey
);
1405 pthread_cleanup_pop (1); // mutex unlock
1410 getpin_common (assuan_context_t ctx
, const char *filename
, int which
,
1411 char **rkey
, size_t *rkeylen
)
1414 struct client_s
*client
= ctx
? assuan_get_pointer (ctx
) : NULL
;
1415 struct pinentry_s
*pin
= pinentry_init (filename
);
1418 return GPG_ERR_ENOMEM
;
1421 pinentry_merge_options (&pin
->pinentry_opts
, &client
->pinentry_opts
);
1423 rc
= pinentry_lock (ctx
, pin
);
1425 rc
= pinentry_getpin (pin
, rkey
, which
);
1427 pinentry_deinit (pin
);
1431 *rkeylen
= strlen (*rkey
);
1438 /* Note: 'key' is freed with gcry_free() and not xfree(). Although
1439 * both call xfree(). */
1441 inquire_passphrase (assuan_context_t ctx
, const char *keyword
,
1442 unsigned char **result
, size_t *rlen
)
1446 assuan_begin_confidential (ctx
);
1447 rc
= assuan_inquire (ctx
, keyword
, result
, rlen
, 0);
1448 assuan_end_confidential (ctx
);
1452 /* Common to both PKI and non-PKI files. */
1454 decrypt_common (assuan_context_t ctx
, int inquire
, struct crypto_s
*crypto
,
1455 const char *filename
, char **rkey
, size_t *rkeylen
)
1459 gpg_error_t rc
= read_data_file (filename
, crypto
);
1460 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
1461 void *salted_key
= NULL
;
1466 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1470 key
= config_get_string (filename
, "passphrase");
1473 log_write (_("Trying the passphrase specified in config ..."));
1474 keylen
= strlen (key
);
1479 key
= config_get_string (filename
, "passphrase_file");
1482 char *tmp
= expand_homedir (key
);
1488 log_write (_("Trying the passphrase using file '%s' ..."), key
);
1489 fd
= open (key
, O_RDONLY
);
1492 rc
= gpg_error_from_errno (errno
);
1493 log_write ("%s: %s", key
, pwmd_strerror (rc
));
1500 key
= xmalloc (st
.st_size
);
1503 if (read (fd
, key
, st
.st_size
) != st
.st_size
)
1505 log_write ("short read() count");
1506 rc
= GPG_ERR_TOO_SHORT
;
1510 rc
= GPG_ERR_ENOMEM
;
1516 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1521 keylen
= st
.st_size
;
1533 if (!key
&& !IS_PKI (crypto
) && inquire
1534 && !(crypto
->hdr
.flags
& PWMD_FLAG_NO_PASSPHRASE
))
1536 rc
= inquire_passphrase (ctx
, "PASSPHRASE", (unsigned char **)&key
,
1540 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1547 else if (!key
&& !IS_PKI (crypto
))
1549 if (crypto
->hdr
.flags
& PWMD_FLAG_NO_PASSPHRASE
)
1552 key
= gcry_malloc (keylen
);
1553 memset (key
, 0, keylen
);
1557 rc
= getpin_common (ctx
, filename
, PINENTRY_OPEN
, &key
, &keylen
);
1560 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1566 else if (key
&& IS_PKI (crypto
))
1568 rc
= set_agent_passphrase (crypto
, key
, keylen
);
1572 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1576 else if (!key
&& IS_PKI (crypto
))
1578 /* The cache entry has been cleared in save_command(). Will prompt. */
1579 rc
= set_pinentry_mode (crypto
->agent
, inquire
? "loopback" : "ask");
1585 if (key
&& !IS_PKI (crypto
))
1587 rc
= hash_key (algo
, crypto
->hdr
.salt
, sizeof(crypto
->hdr
.salt
), key
,
1588 keylen
, &salted_key
, &keysize
);
1590 key
= (char *)salted_key
;
1599 xfree (crypto
->filename
);
1600 crypto
->filename
= str_dup (filename
);
1601 rc
= decrypt_data (ctx
, crypto
, (unsigned char *)key
, keylen
);
1604 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));