2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
34 #include "pwmd-error.h"
35 #include "util-misc.h"
42 #include "util-string.h"
44 static uint8_t pwmd_magic
[5] = { '\177', 'P', 'W', 'M', 'D' };
47 set_header_defaults (file_header_t
* hdr
)
49 char *s
= config_get_string (NULL
, "cipher");
50 int flags
= cipher_string_to_cipher (s
);
53 memset (hdr
, 0, sizeof (file_header_t
));
54 memcpy (hdr
->magic
, pwmd_magic
, sizeof (hdr
->magic
));
57 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
58 hdr
->flags
= flags
== -1 ? PWMD_CIPHER_AES256
: flags
;
59 hdr
->version
= VERSION_HEX
;
63 hdr
->flags
|= PWMD_FLAG_PKCS
;
68 read_data_header (const char *filename
, file_header_t
* rhdr
,
69 struct stat
*rst
, int *rfd
)
77 if (lstat (filename
, &st
) == -1)
78 return gpg_error_from_syserror ();
80 if (!S_ISREG (st
.st_mode
))
81 return GPG_ERR_ENOANO
;
83 fd
= open (filename
, O_RDONLY
);
85 return gpg_error_from_syserror ();
87 len
= read (fd
, &hdr
, sizeof (file_header_t
));
88 if (len
!= sizeof (file_header_t
))
89 rc
= rc
== -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA
;
91 if (!rc
&& memcmp (hdr
.magic
, pwmd_magic
, sizeof (hdr
.magic
)))
92 rc
= GPG_ERR_BAD_DATA
;
93 else if (hdr
.version
< 0x030000)
94 rc
= GPG_ERR_UNKNOWN_VERSION
;
114 read_data_file (const char *filename
, struct crypto_s
* crypto
)
122 cleanup_crypto_stage1 (crypto
);
123 rc
= read_data_header (filename
, &crypto
->hdr
, &st
, &fd
);
127 crypto
->ciphertext_len
= crypto
->hdr
.datalen
;
128 crypto
->ciphertext
= xmalloc (crypto
->hdr
.datalen
);
129 if (!crypto
->ciphertext
)
135 if (crypto
->hdr
.flags
& PWMD_FLAG_PKCS
)
137 rlen
= read (fd
, crypto
->grip
, 20);
140 rc
= rc
== -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA
;
144 rlen
= read (fd
, crypto
->sign_grip
, 20);
147 rc
= rc
== -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA
;
152 len
= read (fd
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
153 if (len
!= crypto
->hdr
.datalen
)
155 rc
= rc
== -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA
;
159 if (!(crypto
->hdr
.flags
& PWMD_FLAG_PKCS
))
163 rc
= GPG_ERR_NOT_IMPLEMENTED
;
167 return GPG_ERR_NOT_IMPLEMENTED
;
169 len
= st
.st_size
- sizeof (file_header_t
) - crypto
->hdr
.datalen
- 40;
177 rlen
= read (fd
, buf
, len
);
180 rc
= rc
== -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA
;
184 rc
= gcry_sexp_new (&crypto
->ciphertext_sexp
, buf
, rlen
, 1);
188 if (crypto
->pkey_sexp
)
189 gcry_sexp_release (crypto
->pkey_sexp
);
191 if (crypto
->sigpkey_sexp
)
192 gcry_sexp_release (crypto
->sigpkey_sexp
);
194 crypto
->pkey_sexp
= crypto
->sigpkey_sexp
= NULL
;
195 rc
= get_pubkey_bin (crypto
, crypto
->grip
, &crypto
->pkey_sexp
);
197 rc
= get_pubkey_bin (crypto
, crypto
->sign_grip
, &crypto
->sigpkey_sexp
);
206 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
209 * Useful for a large amount of data. Rather than doing all of the data in one
210 * iteration do it in chunks. This lets the command be cancelable rather than
211 * waiting for it to complete.
214 iterate_crypto_once (gcry_cipher_hd_t h
, unsigned char *inbuf
,
215 size_t insize
, size_t blocksize
, status_msg_t which
)
218 off_t len
= CRYPTO_BLOCKSIZE (blocksize
);
219 void *p
= gcry_malloc (len
);
221 unsigned char *inbuf2
;
224 return GPG_ERR_ENOMEM
;
226 if (insize
< CRYPTO_BLOCKSIZE (blocksize
))
229 pthread_cleanup_push (gcry_free
, p
);
233 inbuf2
= inbuf
+ total
;
236 if (len
+ total
> insize
)
239 if (which
== STATUS_ENCRYPT
)
240 rc
= gcry_cipher_encrypt (h
, p
, len
, inbuf2
, len
);
242 rc
= gcry_cipher_decrypt (h
, p
, len
, inbuf2
, len
);
248 memmove (tmp
, p
, len
);
253 #ifdef HAVE_PTHREAD_TESTCANCEL
254 pthread_testcancel ();
258 pthread_cleanup_pop (1);
263 cleanup_cipher (void *arg
)
265 gcry_cipher_close ((gcry_cipher_hd_t
) arg
);
269 decrypt_data (assuan_context_t ctx
, struct crypto_s
*crypto
,
270 unsigned char *salted_key
, size_t skeylen
)
273 unsigned char *key
= salted_key
;
274 gcry_cipher_hd_t h
= NULL
;
275 size_t blocksize
, keysize
= 0;
276 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
278 uint64_t n
= crypto
->hdr
.iterations
;
281 size_t keylen
= skeylen
;
282 gcry_sexp_t sig_sexp
;
284 if (crypto
->hdr
.flags
& PWMD_FLAG_PKCS
)
286 rc
= agent_extract_key (crypto
, &key
, &keylen
);
290 sig_sexp
= gcry_sexp_find_token (crypto
->ciphertext_sexp
, "sig-val", 0);
294 return GPG_ERR_BAD_DATA
;
297 rc
= agent_verify (crypto
->sigpkey_sexp
, sig_sexp
, crypto
->ciphertext
,
298 crypto
->ciphertext_len
);
299 gcry_sexp_release (sig_sexp
);
305 rc
= gcry_cipher_open (&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
308 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
,
312 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_BLKLEN
, NULL
,
316 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
,
317 sizeof (crypto
->hdr
.iv
));
320 rc
= gcry_cipher_setkey (h
, key
, keysize
);
327 pthread_cleanup_push (cleanup_cipher
, rc
? NULL
: h
);
331 outbuf
= gcry_malloc (crypto
->hdr
.datalen
);
336 pthread_cleanup_push (gcry_free
, outbuf
);
338 pthread_cleanup_push (gcry_free
, key
);
343 memcpy (outbuf
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
344 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
349 rc
= gcry_cipher_setkey (h
, key
, keysize
);
355 progress
= config_get_long (NULL
, "cipher_progress");
357 progress
= strtol (DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
360 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
361 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", 0,
362 crypto
->hdr
.iterations
);
364 for (n
= 0; !rc
&& n
< crypto
->hdr
.iterations
; n
++)
366 if (ctx
&& !(n
% progress
))
368 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
369 crypto
->hdr
.iterations
);
374 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
, sizeof (crypto
->hdr
.iv
));
378 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
382 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
383 rc
= send_status (ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
384 crypto
->hdr
.iterations
);
387 pthread_cleanup_pop (0);
388 if (crypto
->hdr
.flags
& PWMD_FLAG_PKCS
)
395 pthread_cleanup_pop (rc
? 1 : 0); /* outbuf */
396 pthread_cleanup_pop (1); /* cipher */
399 char buf
[] = "<?xml ";
401 if (memcmp (outbuf
, buf
, sizeof(buf
)-1))
404 return gpg_error (GPG_ERR_BAD_PASSPHRASE
);
407 crypto
->plaintext
= outbuf
;
408 crypto
->plaintext_len
= crypto
->hdr
.datalen
;
415 decrypt_xml (struct crypto_s
* crypto
, const void *data
, size_t len
)
417 gcry_cipher_hd_t h
= NULL
;
420 rc
= gcry_cipher_open (&h
, GCRY_CIPHER_AES
, GCRY_CIPHER_MODE_CBC
, 0);
424 gcry_free (crypto
->plaintext
);
425 crypto
->plaintext
= gcry_malloc (len
);
426 if (!crypto
->plaintext
)
432 rc
= gcry_cipher_setiv (h
, cache_iv
, cache_blocksize
);
436 rc
= gcry_cipher_setkey (h
, cache_key
, cache_keysize
);
440 rc
= gcry_cipher_decrypt (h
, crypto
->plaintext
, len
, data
, len
);
441 if (rc
|| strncmp (crypto
->plaintext
, "<?xml ", 6))
444 rc
= GPG_ERR_BAD_DATA
;
446 gcry_free (crypto
->plaintext
);
447 crypto
->plaintext
= NULL
;
450 crypto
->plaintext_len
= len
;
454 gcry_cipher_close (h
);
460 encrypt_xml (assuan_context_t ctx
, void *key
, size_t keylen
,
461 int algo
, const void *xml
, size_t len
, void * *result
,
462 size_t *result_len
, unsigned char **iv
, size_t * iv_len
,
467 size_t blocksize
, keysize
;
472 unsigned char *tmpkey
= NULL
;
473 int free_iv
= *(iv_len
) == 0;
475 rc
= gcry_cipher_open (&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
479 pthread_cleanup_push (cleanup_cipher
, h
);
480 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
482 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_BLKLEN
, NULL
, &blocksize
);
484 if (!rc
&& *(iv_len
) == 0)
486 *(iv
) = xmalloc (blocksize
);
490 gcry_create_nonce (*(iv
), blocksize
);
493 pthread_cleanup_push (xfree
, *(iv_len
) == 0 ? *(iv
) : NULL
);
497 tmpkey
= gcry_malloc (keysize
);
502 pthread_cleanup_push (gcry_free
, tmpkey
);
506 memcpy (tmpkey
, key
, keysize
);
508 rc
= gcry_cipher_setkey (h
, tmpkey
, keysize
);
512 len
+= blocksize
- (len
% blocksize
);
518 inbuf
= gcry_malloc (len
);
523 pthread_cleanup_push (gcry_free
, inbuf
);
527 memset (inbuf
, 0, len
);
528 memcpy (inbuf
, xml
, olen
);
529 progress
= config_get_long (NULL
, "cipher_progress");
531 progress
= strtol (DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
533 if (!rc
&& ctx
&& iter
)
534 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", 0, iter
);
536 for (n
= 0; !rc
&& n
< iter
; n
++)
538 if (ctx
&& !(n
% progress
))
540 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
545 rc
= gcry_cipher_setiv (h
, *(iv
), blocksize
);
549 rc
= iterate_crypto_once (h
, inbuf
, len
, blocksize
, STATUS_ENCRYPT
);
553 if (!rc
&& ctx
&& iter
)
554 rc
= send_status (ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
558 /* Do at least one iteration. */
559 rc
= gcry_cipher_setiv (h
, *(iv
), blocksize
);
562 rc
= gcry_cipher_setkey (h
, key
, keysize
);
564 rc
= iterate_crypto_once (h
, inbuf
, len
, blocksize
,
569 pthread_cleanup_pop (rc
? 1 : 0); /* inbuf */
570 pthread_cleanup_pop (1); /* tmpkey */
571 pthread_cleanup_pop (rc
&& free_iv
? 1 : 0); /* iv */
572 pthread_cleanup_pop (1); /* cipher */
573 *result
= rc
? NULL
: inbuf
;
579 cleanup_save (struct save_s
*save
)
586 gcry_sexp_release (save
->pkey
);
589 gcry_sexp_release (save
->sigpkey
);
592 memset (save
, 0, sizeof (struct save_s
));
595 /* Keep the agent ctx to retain pinentry options which will be freed in
596 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
598 cleanup_crypto_stage1 (struct crypto_s
*cr
)
603 cleanup_save (&cr
->save
);
606 if (cr
->ciphertext_sexp
)
607 gcry_sexp_release (cr
->ciphertext_sexp
);
609 cr
->ciphertext_sexp
= NULL
;
612 gcry_free (cr
->plaintext
);
613 xfree (cr
->ciphertext
);
614 xfree (cr
->filename
);
616 cr
->ciphertext
= NULL
;
617 cr
->ciphertext_len
= 0;
618 cr
->plaintext
= NULL
;
619 cr
->plaintext_len
= 0;
623 cleanup_crypto_stage2 (struct crypto_s
*cr
)
628 cleanup_crypto_stage1 (cr
);
629 set_header_defaults (&cr
->hdr
);
633 cleanup_crypto (struct crypto_s
**c
)
635 struct crypto_s
*cr
= *c
;
640 cleanup_crypto_stage2 (cr
);
644 gcry_sexp_release (cr
->pkey_sexp
);
646 if (cr
->sigpkey_sexp
)
647 gcry_sexp_release (cr
->sigpkey_sexp
);
650 cleanup_agent (cr
->agent
);
658 init_client_crypto (struct crypto_s
**crypto
)
660 struct crypto_s
*new = xcalloc (1, sizeof (struct crypto_s
));
672 rc
= agent_init (&new->agent
);
675 rc
= send_agent_common_options (new->agent
);
677 rc
= agent_set_pinentry_options (new->agent
);
682 cleanup_agent (new->agent
);
689 set_header_defaults (&new->hdr
);
695 try_decrypt (assuan_context_t ctx
, int inquire
, struct crypto_s
*crypto
,
696 const char *filename
, char **key
, size_t *keylen
)
701 char *pin_title
= NULL
;
702 struct client_s
*client
= ctx
? assuan_get_pointer (ctx
) : NULL
;
706 rc
= decrypt_common (ctx
, inquire
, crypto
, filename
, key
, keylen
);
707 if (gpg_err_code (rc
) == GPG_ERR_BAD_PASSPHRASE
&& ctx
)
710 pin_title
= client
->pinentry_opts
.title
;
712 client
->pinentry_opts
.title
= str_asprintf (_ ("Bad passphrase (try %i of %i)"), pin_try
+1, pin_tries
);
715 while (!inquire
&& gpg_err_code (rc
) == GPG_ERR_BAD_PASSPHRASE
716 && ++pin_try
<= pin_tries
);
718 if (ctx
&& pin_title
!= client
->pinentry_opts
.title
)
720 xfree (client
->pinentry_opts
.title
);
721 client
->pinentry_opts
.title
= pin_title
;
728 export_common (assuan_context_t ctx
, int inquire
, struct crypto_s
* crypto
,
729 const void *data
, size_t datalen
, const char *outfile
,
730 const char *keyfile
, void **rkey
, size_t *rkeylen
,
731 int use_cache
, int force
)
734 void *enc_xml
= NULL
;
735 size_t enc_xml_len
= 0;
736 unsigned char *iv
= NULL
;
738 int algo
= cipher_to_gcrypt (crypto
->save
.hdr
.flags
);
739 void *key
= NULL
, *salted_key
= NULL
;
740 size_t keysize
, keylen
;
743 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
754 if (stat (keyfile
, &st
) == -1)
755 return gpg_error_from_syserror ();
757 buf
= gcry_malloc (st
.st_size
);
759 return GPG_ERR_ENOMEM
;
761 fd
= open (keyfile
, O_RDONLY
);
763 rc
= gpg_error_from_syserror ();
766 len
= read (fd
, buf
, st
.st_size
);
767 if (len
!= st
.st_size
)
768 rc
= GPG_ERR_TOO_SHORT
;
776 log_write (_("Using passphrase obtained from file '%s'"), keyfile
);
783 tmp
= gcry_malloc (1);
794 cached
= cache_iscached (outfile
, NULL
) == 0;
797 struct cache_data_s
*cdata
= cache_get_data_filename (outfile
);
799 salted_key
= gcry_malloc (cdata
->keylen
);
802 memcpy (salted_key
, cdata
->key
, cdata
->keylen
);
803 keysize
= cdata
->keylen
;
816 struct crypto_s
*tmp
= NULL
;
817 gpg_error_t rc
= init_client_crypto (&tmp
);
821 rc
= read_data_file (outfile
, tmp
);
824 rc
= try_decrypt (ctx
, inquire
, tmp
, outfile
,
825 (char **)&key
, &keylen
);
831 cleanup_crypto (&tmp
);
832 if (rc
&& gpg_err_code (rc
) == GPG_ERR_ENOENT
)
838 if (!use_cache
) // PASSWD or new file
843 rc
= inquire_passphrase (ctx
, "NEW_PASSPHRASE",
844 (unsigned char **)&key
, &keylen
);
848 rc
= getpin_common (ctx
, outfile
, PINENTRY_SAVE
,
849 (char **)&key
, &keylen
);
866 rc
= hash_key (algo
, crypto
->save
.hdr
.salt
,
867 sizeof(crypto
->save
.hdr
.salt
), key
, keylen
, &salted_key
,
873 rc
= encrypt_xml (ctx
, salted_key
, keysize
, algo
, data
, datalen
,
874 &enc_xml
, &enc_xml_len
, &iv
, &iv_len
,
875 crypto
->save
.hdr
.iterations
);
879 memcpy (crypto
->save
.hdr
.iv
, iv
, iv_len
);
881 crypto
->save
.hdr
.datalen
= enc_xml_len
;
882 rc
= write_file (crypto
, outfile
, enc_xml
, enc_xml_len
, NULL
, 0, NULL
,
889 memcpy (&crypto
->hdr
, &crypto
->save
.hdr
, sizeof (file_header_t
));
894 gcry_free (salted_key
);
901 cleanup_acl (void *arg
)
903 acl_t acl
= *(acl_t
*) arg
;
911 write_file (struct crypto_s
*crypto
, const char *filename
,
912 void *data
, size_t data_len
, void *sexp
, size_t sexp_len
,
913 void *pubkey
, void *sigpkey
)
915 char tmp
[FILENAME_MAX
] = { 0 };
927 if (lstat (filename
, &st
) == 0)
929 mode
= st
.st_mode
& (S_IRWXU
| S_IRWXG
| S_IRWXO
);
931 if (!(mode
& S_IWUSR
))
932 return GPG_ERR_EACCES
;
934 else if (errno
!= ENOENT
)
935 return gpg_error_from_syserror ();
937 snprintf (tmp
, sizeof (tmp
), "%s.XXXXXX", filename
);
941 rc
= gpg_error_from_syserror ();
942 log_write ("%s: %s", tmp
, pwmd_strerror (rc
));
948 // xml_import() or convert_file() from command line.
952 pthread_cleanup_push (cleanup_unlink_cb
, tmp
);
953 crypto
->save
.hdr
.version
= VERSION_HEX
;
954 len
= write (fd
, &crypto
->save
.hdr
, sizeof (file_header_t
));
955 if (len
== sizeof (file_header_t
))
957 if (crypto
->save
.hdr
.flags
& PWMD_FLAG_PKCS
)
959 unsigned char grip
[20];
961 gcry_pk_get_keygrip ((gcry_sexp_t
) pubkey
, grip
);
962 len
= write (fd
, grip
, sizeof (grip
));
963 if (len
== sizeof (grip
))
965 gcry_pk_get_keygrip ((gcry_sexp_t
) sigpkey
, grip
);
966 len
= write (fd
, grip
, sizeof (grip
));
967 if (len
== sizeof (grip
))
969 len
= write (fd
, data
, data_len
);
972 len
= write (fd
, sexp
, sexp_len
);
974 rc
= gpg_error_from_syserror ();
977 rc
= gpg_error_from_syserror ();
981 rc
= gpg_error_from_syserror ();
985 len
= write (fd
, data
, data_len
);
987 rc
= gpg_error_from_syserror ();
991 rc
= gpg_error_from_syserror ();
994 pthread_cleanup_push (cleanup_acl
, &acl
);
998 if (fsync (fd
) != -1)
1000 if (filename
&& close (fd
) != -1)
1003 acl
= acl_get_file (filename
, ACL_TYPE_ACCESS
);
1004 if (!acl
&& errno
== ENOENT
)
1005 acl
= acl_get_file (".", ACL_TYPE_DEFAULT
);
1007 log_write ("ACL: %s: %s", filename
,
1008 pwmd_strerror (gpg_error_from_syserror ()));
1011 if (mode
&& config_get_boolean (filename
, "backup"))
1013 char tmp2
[FILENAME_MAX
];
1015 snprintf (tmp2
, sizeof (tmp2
), "%s.backup", filename
);
1016 if (rename (filename
, tmp2
) == -1)
1017 rc
= gpg_error_from_syserror ();
1021 rc
= gpg_error_from_syserror ();
1024 rc
= gpg_error_from_syserror ();
1029 if (filename
&& rename (tmp
, filename
) != -1)
1032 if (filename
&& mode
)
1033 chmod (filename
, mode
);
1036 if (acl
&& acl_set_file (filename
, ACL_TYPE_ACCESS
, acl
))
1037 log_write ("ACL: %s: %s", filename
,
1038 pwmd_strerror (gpg_error_from_syserror ()));
1042 rc
= gpg_error_from_syserror ();
1046 pthread_cleanup_pop (1);
1048 pthread_cleanup_pop (rc
? 1 : 0); // unlink
1053 hash_key (int algo
, unsigned char *salt
, size_t salt_len
, const void *key
,
1054 size_t keylen
, void **result
, size_t *rlen
)
1059 /* Be sure the algorithm is available. */
1060 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, rlen
);
1064 /* Always allocate enough for a 256-bit key although the algorithms
1065 themselves may use less. Fixes SAVE --cipher with a different
1066 keylen than the previously saved cipher when cached. */
1068 tmp
= xmalloc (*rlen
);
1070 return GPG_ERR_ENOMEM
;
1072 rc
= gcry_kdf_derive(key
, keylen
, GCRY_KDF_ITERSALTED_S2K
, GCRY_MD_SHA1
,
1073 salt
, salt_len
, DEFAULT_KDFS2K_ITERATIONS
, *rlen
, tmp
);
1083 change_passwd (assuan_context_t ctx
, const char *filename
, int inquire
,
1084 struct crypto_s
**rcrypto
)
1086 unsigned char *key
= NULL
;
1088 struct crypto_s
*crypto
= NULL
;
1089 gpg_error_t rc
= init_client_crypto (&crypto
);
1094 crypto
->client_ctx
= ctx
;
1095 rc
= read_data_file (filename
, crypto
);
1098 cleanup_crypto (&crypto
);
1102 rc
= try_decrypt (ctx
, inquire
, crypto
, filename
, (char **)&key
, &keylen
);
1105 cleanup_crypto (&crypto
);
1111 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
1112 rc
= export_common (ctx
, inquire
, crypto
, crypto
->plaintext
,
1113 crypto
->plaintext_len
, crypto
->filename
, NULL
,
1114 (void **)&key
, &keylen
, 0, 0);
1121 rc
= save_common (filename
, crypto
, crypto
->plaintext
,
1122 crypto
->plaintext_len
, key
, keylen
, &cached
, 1);
1130 cleanup_crypto (&crypto
);
1136 // FIXME gcry_sexp_t is updated in cdata. make a temp var in case of failure.
1138 save_common (const char *filename
, struct crypto_s
*crypto
,
1139 const unsigned char *data
, size_t datalen
,
1140 const unsigned char *key
, size_t keylen
, int *cached
, int no_agent
)
1142 struct cache_data_s
*cdata
;
1145 /* This is safe since it is a fast operation. */
1147 pthread_cleanup_push (cleanup_cache_mutex
, NULL
);
1148 cdata
= cache_get_data_filename (filename
);
1149 *cached
= cdata
!= NULL
;
1152 cdata
= xcalloc (1, sizeof (struct cache_data_s
));
1155 if (use_agent
&& !no_agent
)
1157 /* Update in case of any --keygrip argument */
1159 gcry_sexp_release (cdata
->pubkey
);
1161 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->pubkey
, NULL
, "%S",
1165 gcry_sexp_release (cdata
->sigkey
);
1167 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->sigkey
, NULL
, "%S",
1168 crypto
->sigpkey_sexp
);
1172 gcry_free (cdata
->doc
);
1174 cdata
->key
= (unsigned char *)key
;
1175 cdata
->keylen
= keylen
;
1176 rc
= encrypt_xml (NULL
, cache_key
, cache_keysize
, GCRY_CIPHER_AES
, data
,
1177 datalen
, &cdata
->doc
, &cdata
->doclen
, &cache_iv
,
1178 &cache_blocksize
, 0);
1181 unsigned char md5file
[16];
1183 gcry_md_hash_buffer (GCRY_MD_MD5
, md5file
, filename
, strlen (filename
));
1184 rc
= cache_set_data (md5file
, cdata
, crypto
->grip
);
1187 pthread_cleanup_pop (1); // mutex unlock
1192 getpin_common (assuan_context_t ctx
, const char *filename
, int which
,
1193 char **rkey
, size_t *rkeylen
)
1196 struct client_s
*client
= ctx
? assuan_get_pointer (ctx
) : NULL
;
1197 struct pinentry_s
*pin
= pinentry_init (filename
);
1200 return GPG_ERR_ENOMEM
;
1203 pinentry_merge_options (&pin
->pinentry_opts
, &client
->pinentry_opts
);
1205 rc
= pinentry_lock (ctx
, pin
);
1207 rc
= pinentry_getpin (pin
, rkey
, which
);
1209 pinentry_deinit (pin
);
1213 *rkeylen
= strlen (*rkey
);
1220 /* Note: 'key' is freed with gcry_free() and not xfree(). Although
1221 * both call xfree(). */
1223 inquire_passphrase (assuan_context_t ctx
, const char *keyword
,
1224 unsigned char **result
, size_t *rlen
)
1228 assuan_begin_confidential (ctx
);
1229 rc
= assuan_inquire (ctx
, keyword
, result
, rlen
, 0);
1230 assuan_end_confidential (ctx
);
1235 decrypt_common (assuan_context_t ctx
, int inquire
, struct crypto_s
*crypto
,
1236 const char *filename
, char **rkey
, size_t *rkeylen
)
1240 gpg_error_t rc
= read_data_file (filename
, crypto
);
1241 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
1242 void *salted_key
= NULL
;
1247 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1251 key
= config_get_string (filename
, "passphrase");
1254 log_write (_("Trying the passphrase specified in config ..."));
1255 keylen
= strlen (key
);
1260 key
= config_get_string (filename
, "passphrase_file");
1263 char *tmp
= expand_homedir (key
);
1269 log_write (_("Trying the passphrase using file '%s' ..."), key
);
1270 fd
= open (key
, O_RDONLY
);
1273 rc
= gpg_error_from_syserror ();
1274 log_write ("%s: %s", key
, pwmd_strerror (rc
));
1281 key
= xmalloc (st
.st_size
);
1284 if (read (fd
, key
, st
.st_size
) != st
.st_size
)
1286 log_write ("short read() count");
1287 rc
= GPG_ERR_TOO_SHORT
;
1291 rc
= GPG_ERR_ENOMEM
;
1297 log_write ("%s", pwmd_strerror (rc
));
1302 keylen
= st
.st_size
;
1314 if (!key
&& !IS_PKCS (crypto
) && inquire
)
1316 rc
= inquire_passphrase (ctx
, "PASSPHRASE", (unsigned char **)&key
,
1320 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1327 else if (!key
&& !IS_PKCS (crypto
))
1329 rc
= getpin_common (ctx
, filename
, PINENTRY_OPEN
, &key
, &keylen
);
1332 log_write ("%s", pwmd_strerror (rc
));
1337 else if (key
&& IS_PKCS (crypto
))
1339 rc
= set_agent_passphrase (crypto
, key
, keylen
);
1343 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1349 if (key
&& !IS_PKCS (crypto
))
1351 rc
= hash_key (algo
, crypto
->hdr
.salt
, sizeof(crypto
->hdr
.salt
), key
,
1352 keylen
, &salted_key
, &keysize
);
1354 key
= (char *)salted_key
;
1363 xfree (crypto
->filename
);
1364 crypto
->filename
= str_dup (filename
);
1365 rc
= decrypt_data (ctx
, crypto
, (unsigned char *)key
, keylen
);
1368 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));