2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
4 Ben Kibbey <bjk@luxsci.net>
6 This file is part of pwmd.
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/types.h>
36 #include "pwmd-error.h"
37 #include "util-misc.h"
43 #include "util-string.h"
47 static unsigned keepalive
;
48 static pthread_mutex_t crypto_mutex
= PTHREAD_MUTEX_INITIALIZER
;
52 #define STATUS_TIMEOUT_INIT(crypto) \
54 crypto->status_timeout = time (NULL); \
55 crypto->progress_rc = 0; \
58 #define STATUS_TIMEOUT_TEST(crypto, rc, s, line) \
60 time_t now = time (NULL); \
61 if (now - crypto->status_timeout >= keepalive && crypto->client_ctx) { \
62 rc = send_status (crypto->client_ctx, s, line); \
63 crypto->status_timeout = now; \
69 show_key_output (gpgme_key_t key
)
71 gpgme_subkey_t keyp
; // first is primary
73 for (keyp
= key
->subkeys
; keyp
; keyp
= keyp
->next
)
75 fprintf(stderr
, "keyid: %s, revoked: %i, expired: %i, disabled: %i, invalid: %i,"
76 "encrypt: %i, sign: %i, cert: %i, auth: %i, secret: %i\n",
77 keyp
->keyid
, keyp
->revoked
, keyp
->expired
, keyp
->disabled
,
78 keyp
->invalid
, keyp
->can_encrypt
, keyp
->can_sign
,
79 keyp
->can_certify
, keyp
->can_authenticate
, keyp
->secret
);
87 get_password (const char *keyfile
, unsigned char **result
, size_t *len
)
91 unsigned char *buf
= NULL
;
94 log_write (_ ("obtaining passphrase from passphrase file"));
95 rc
= open_check_file (keyfile
, &fd
, &st
, 0);
99 buf
= xmalloc (st
.st_size
+1);
102 size_t rlen
= read (fd
, buf
, st
.st_size
);
104 if (rlen
!= st
.st_size
)
105 rc
= GPG_ERR_ASS_READ_ERROR
;
109 if (rlen
&& strlen ((char *)buf
) != rlen
)
110 rc
= GPG_ERR_INV_PASSPHRASE
;
130 status_cb (void *data
, const char *keyword
, const char *args
)
132 struct crypto_s
*crypto
= data
;
135 if (!crypto
->client_ctx
)
138 if (!strcmp (keyword
, "INQUIRE_MAXLEN") &&
139 (crypto
->flags
& CRYPTO_FLAG_KEYFILE
))
142 return assuan_write_status (crypto
->client_ctx
, keyword
, args
);
146 passphrase_cb (void *data
, const char *hint
, const char *info
, int bad
, int fd
)
148 struct crypto_s
*crypto
= data
;
149 unsigned char *result
= NULL
;
153 if (crypto
->flags
& CRYPTO_FLAG_KEYFILE
)
154 rc
= get_password (crypto
->keyfile
, &result
, &len
);
158 rc
= assuan_write_status (crypto
->client_ctx
, "PASSPHRASE_HINT", hint
);
161 rc
= assuan_write_status (crypto
->client_ctx
, "PASSPHRASE_INFO", info
);
165 const char *keyword
= "PASSPHRASE";
167 if (!bad
&& crypto
->flags
& CRYPTO_FLAG_PASSWD_SIGN
)
168 keyword
= "SIGN_PASSPHRASE";
169 else if (!bad
&& crypto
->flags
& CRYPTO_FLAG_PASSWD_NEW
)
171 crypto
->flags
|= CRYPTO_FLAG_PASSWD_SIGN
;
172 keyword
= "NEW_PASSPHRASE";
174 else if (!bad
&& crypto
->flags
& CRYPTO_FLAG_PASSWD
)
175 crypto
->flags
|= CRYPTO_FLAG_PASSWD_NEW
;
176 else if (!bad
&& crypto
->flags
& CRYPTO_FLAG_NEWFILE
)
178 keyword
= "NEW_PASSPHRASE";
179 if (crypto
->save
.sigkey
)
180 crypto
->flags
|= CRYPTO_FLAG_PASSWD_SIGN
;
183 rc
= assuan_inquire (crypto
->client_ctx
, keyword
, &result
, &len
, 0);
189 pthread_cleanup_push ((void *)xfree
, result
);
192 gpgme_io_writen (fd
, "\n", 1);
195 int nl
= result
[len
-1] == '\n';
198 ret
= gpgme_io_writen (fd
, result
, len
);
200 gpgme_io_writen (fd
, "\n", 1);
202 rc
= GPG_ERR_CANCELED
;
205 pthread_cleanup_pop (1);
212 progress_cb (void *data
, const char *what
, int type
, int current
, int total
)
214 struct crypto_s
*crypto
= data
;
216 crypto
->progress_rc
= send_status (crypto
->client_ctx
, STATUS_GPGME
,
217 "%s %i %i %i", what
, type
, current
, total
);
221 crypto_data_to_buf (const gpgme_data_t data
, unsigned char **result
,
224 off_t ret
= gpgme_data_seek (data
, 0, SEEK_SET
);
226 size_t total
= 0, size
= BUFSIZE
;
227 unsigned char *buf
= NULL
;
233 return gpg_error_from_syserror ();
235 buf
= xmalloc (size
);
237 return GPG_ERR_ENOMEM
;
241 ret
= gpgme_data_read (data
, &buf
[total
], BUFSIZE
);
248 p
= xrealloc (buf
, size
* sizeof (unsigned char));
252 return GPG_ERR_ENOMEM
;
261 rc
= gpgme_err_code_from_syserror ();
276 crypto_list_keys (struct crypto_s
*crypto
, char *keys
[], int secret
,
277 gpgme_key_t
**result
)
280 gpgme_key_t key
= NULL
, *res
= NULL
;
283 rc
= gpgme_op_keylist_ext_start (crypto
->ctx
, (const char **)keys
, secret
, 0);
287 STATUS_TIMEOUT_INIT (crypto
);
292 pthread_cleanup_push ((void *)crypto_free_key_list
, res
);
293 rc
= gpgme_op_keylist_next (crypto
->ctx
, &key
);
294 pthread_cleanup_pop (0);
295 if (rc
&& gpgme_err_code(rc
) != GPG_ERR_EOF
)
304 p
= xrealloc (res
, (total
+2) * sizeof (gpgme_key_t
));
314 pthread_cleanup_push ((void *)crypto_free_key_list
, res
);
315 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_KEEPALIVE
, NULL
);
316 pthread_cleanup_pop (0);
321 rc
= gpgme_op_keylist_end (crypto
->ctx
);
325 rc
= total
? 0 : secret
? GPG_ERR_NO_SECKEY
: GPG_ERR_NO_PUBKEY
;
329 crypto_free_key_list (res
);
335 crypto_free_save (struct save_s
*save
)
340 strv_free (save
->pubkey
);
341 xfree (save
->sigkey
);
342 xfree (save
->userid
);
344 crypto_free_key_list (save
->mainkey
);
346 memset (save
, 0, sizeof (struct save_s
));
352 return cache_kill_scd ();
356 free_gpgme_data_cb (void *data
)
358 gpgme_data_t d
= data
;
365 t
= gpgme_data_release_and_get_mem (d
, &len
);
367 wipememory (t
, 0, len
);
373 crypto_free_non_keys (struct crypto_s
*crypto
)
379 gpgme_release (crypto
->ctx
);
382 xfree (crypto
->plaintext
);
383 crypto
->plaintext
= NULL
;
384 crypto
->plaintext_size
= 0;
387 free_gpgme_data_cb (crypto
->cipher
);
389 crypto
->cipher
= NULL
;
390 crypto_free_save (&crypto
->save
);
391 xfree (crypto
->keyfile
);
392 crypto
->keyfile
= NULL
;
393 crypto
->flags
&= ~CRYPTO_FLAG_KEYFILE
;
394 (void)crypto_kill_scd ();
398 crypto_free (struct crypto_s
*crypto
)
403 crypto_free_non_keys (crypto
);
404 strv_free (crypto
->pubkey
);
405 xfree (crypto
->sigkey
);
406 xfree (crypto
->filename
);
411 crypto_init_ctx (struct crypto_s
*crypto
, int no_pinentry
,
412 char *passphrase_file
)
415 gpgme_keylist_mode_t keylist_mode
;
418 rc
= gpgme_new (&ctx
);
422 rc
= gpgme_set_protocol (ctx
, GPGME_PROTOCOL_OPENPGP
);
425 keylist_mode
= gpgme_get_keylist_mode (ctx
);
426 keylist_mode
|= GPGME_KEYLIST_MODE_LOCAL
|GPGME_KEYLIST_MODE_WITH_SECRET
;
427 rc
= gpgme_set_keylist_mode (ctx
, keylist_mode
);
430 if (no_pinentry
|| passphrase_file
)
431 rc
= gpgme_set_pinentry_mode (ctx
, GPGME_PINENTRY_MODE_LOOPBACK
);
433 rc
= gpgme_set_pinentry_mode (ctx
, GPGME_PINENTRY_MODE_DEFAULT
);
437 gpgme_set_passphrase_cb (ctx
, passphrase_cb
, crypto
);
438 gpgme_set_progress_cb (ctx
, progress_cb
, crypto
);
439 gpgme_set_status_cb (ctx
, status_cb
, crypto
);
446 crypto
->keyfile
= passphrase_file
;
447 crypto
->flags
|= CRYPTO_FLAG_KEYFILE
;
459 crypto_set_keepalive ()
461 keepalive
= config_get_integer ("global", "keepalive_interval");
465 crypto_init (struct crypto_s
**crypto
, void *ctx
, const char *filename
,
466 int no_pinentry
, char *passphrase_file
)
468 struct crypto_s
*new = xcalloc (1, sizeof (struct crypto_s
));
471 crypto_set_keepalive ();
474 return GPG_ERR_ENOMEM
;
476 rc
= crypto_init_ctx (new, no_pinentry
, passphrase_file
);
482 new->filename
= str_dup (filename
);
490 new->client_ctx
= ctx
;
499 /* Converts a 40 byte key id to the 16 byte form. Needed for comparison of
500 * gpgme_recipient_t.keyid. */
502 crypto_keyid_to_16b_once (char *key
)
504 size_t len
= strlen (key
);
507 return GPG_ERR_INV_ARG
;
509 memmove (&key
[0], &key
[len
-16], 16);
515 crypto_keyid_to_16b (char **keys
)
519 for (p
= keys
; p
&& *p
; p
++)
521 gpg_error_t rc
= crypto_keyid_to_16b_once (*p
);
530 crypto_decrypt (struct client_s
*client
, struct crypto_s
*crypto
)
537 char **new_recipients
= NULL
;
538 char **new_signers
= NULL
;
540 gpgme_decrypt_result_t result
;
542 rc
= gpgme_data_new (&plain
);
546 pthread_cleanup_push ((void *)free_gpgme_data_cb
, plain
);
547 rc
= open_check_file (crypto
->filename
, &fd
, &st
, 1);
550 pthread_cleanup_push ((void *)close_fd_cb
, &fd
);
551 rc
= gpgme_data_new_from_fd (&cipher
, fd
);
554 pthread_cleanup_push ((void *)free_gpgme_data_cb
, cipher
);
555 rc
= send_status (client
? client
->ctx
: NULL
, STATUS_DECRYPT
, NULL
);
558 MUTEX_TRYLOCK (client
->ctx
, &crypto_mutex
, rc
,
559 client
->lock_timeout
);
562 pthread_cleanup_push (release_mutex_cb
, &crypto_mutex
);
563 rc
= gpgme_op_decrypt_verify_start (crypto
->ctx
, cipher
, plain
);
566 STATUS_TIMEOUT_INIT(crypto
);
569 if (!rc
&& crypto
->progress_rc
)
570 rc
= crypto
->progress_rc
;
572 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_DECRYPT
, NULL
);
574 } while (!rc
&& !gpgme_wait (crypto
->ctx
, &rc
, 0) && !rc
);
576 pthread_cleanup_pop (1); // release_mutex_cb
579 pthread_cleanup_pop (1); // free_gpgme_data_cb (cipher)
582 pthread_cleanup_pop (1); // close (fd)
585 pthread_cleanup_pop (0); // free_gpgme_data_cb (plain)
589 free_gpgme_data_cb (plain
);
593 pthread_cleanup_push ((void *)free_gpgme_data_cb
, plain
);
594 result
= gpgme_op_decrypt_result (crypto
->ctx
);
595 if (!result
->unsupported_algorithm
&& !result
->wrong_key_usage
)
599 for (r
= result
->recipients
; r
; r
= r
->next
)
601 pthread_cleanup_push ((void *)strv_free
, new_recipients
);
602 log_write1 (_ ("%s: recipient: %s, status=%u"),
603 crypto
->filename
, r
->keyid
, r
->status
);
604 pthread_cleanup_pop (0);
605 pp
= strv_cat(new_recipients
, str_dup (r
->keyid
));
615 else if (result
->wrong_key_usage
)
616 rc
= GPG_ERR_WRONG_KEY_USAGE
;
617 else if (result
->unsupported_algorithm
)
618 rc
= GPG_ERR_UNSUPPORTED_ALGORITHM
;
622 gpgme_verify_result_t verify
;
625 verify
= gpgme_op_verify_result (crypto
->ctx
);
627 for (s
= verify
->signatures
; s
; s
= s
->next
)
629 pthread_cleanup_push ((void *)strv_free
, new_signers
);
630 log_write1 (_ ("%s: signer: %s, status=%u"),
631 crypto
->filename
, s
->fpr
, s
->status
);
632 pthread_cleanup_pop (0);
633 if (s
->status
|| s
->wrong_key_usage
634 || !(s
->summary
& GPGME_SIGSUM_VALID
))
637 pp
= strv_cat (new_signers
, str_dup (s
->fpr
));
647 if (verify
->signatures
&& !new_signers
)
648 rc
= GPG_ERR_BAD_SIGNATURE
;
652 xfree (crypto
->plaintext
);
653 crypto
->plaintext
= NULL
;
654 crypto
->plaintext_size
= 0;
655 pthread_cleanup_push ((void *)strv_free
, new_recipients
);
656 pthread_cleanup_push ((void *)strv_free
, new_signers
);
657 rc
= crypto_data_to_buf (plain
, &crypto
->plaintext
,
658 &crypto
->plaintext_size
);
659 pthread_cleanup_pop (0);
660 pthread_cleanup_pop (0);
663 strv_free (crypto
->pubkey
);
664 crypto
->pubkey
= new_recipients
;
665 crypto_keyid_to_16b (crypto
->pubkey
);
667 xfree (crypto
->sigkey
);
668 crypto
->sigkey
= NULL
;
671 crypto
->sigkey
= str_dup (*new_signers
);
672 strv_free (new_signers
);
673 crypto_keyid_to_16b_once (crypto
->sigkey
);
681 strv_free (new_recipients
);
682 strv_free (new_signers
);
685 pthread_cleanup_pop (1); // free_gpgme_data_cb (plain)
690 crypto_free_key_list (gpgme_key_t
*keys
)
694 for (i
= 0; keys
&& keys
[i
]; i
++)
695 gpgme_key_unref (keys
[i
]);
700 /* Removes strings in 'prune' from 'a'. */
702 prune_keys (char **a
, char **prune
)
706 for (p
= prune
; p
&& *p
; p
++)
710 for (ap
= a
; ap
&& *ap
; ap
++)
712 if (!strcmp (*ap
, *p
))
727 remove_duplicates (char **a
)
731 for (p
= a
; p
&& *p
; p
++)
735 for (t
= p
+1; t
&& *t
; t
++)
737 if (!strcmp (*p
, *t
))
749 remove_duplicates (a
);
757 crypto_encrypt (struct client_s
*client
, struct crypto_s
*crypto
)
760 gpgme_data_t cipher
= NULL
;
761 gpgme_key_t
*keys
= NULL
;
762 gpgme_key_t
*sigkeys
= NULL
;
766 if (!(crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
))
768 crypto_keyid_to_16b (crypto
->save
.pubkey
);
769 remove_duplicates (crypto
->save
.pubkey
);
770 rc
= crypto_list_keys (crypto
, crypto
->save
.pubkey
, 0, &keys
);
775 pthread_cleanup_push ((void *)crypto_free_key_list
, keys
);
776 rc
= gpgme_data_new (&cipher
);
777 pthread_cleanup_push ((void *)free_gpgme_data_cb
, cipher
);
779 rc
= gpgme_data_set_file_name (cipher
, crypto
->filename
);
781 if (!rc
&& crypto
->save
.sigkey
)
785 crypto_keyid_to_16b_once (crypto
->save
.sigkey
);
786 strv_printf (&tmp
, "%s", crypto
->save
.sigkey
);
787 pthread_cleanup_push ((void *)strv_free
, tmp
);
788 rc
= crypto_list_keys (crypto
, tmp
, 1, &sigkeys
);
789 pthread_cleanup_pop (1);
790 if (gpg_err_code (rc
) == GPG_ERR_NO_DATA
)
796 gpgme_data_t plain
= NULL
;
798 pthread_cleanup_push ((void *)crypto_free_key_list
, sigkeys
);
799 rc
= gpgme_data_new_from_mem (&plain
, (char *)crypto
->plaintext
,
800 crypto
->plaintext_size
, 0);
801 pthread_cleanup_push ((void *)free_gpgme_data_cb
, plain
);
806 gpgme_signers_clear (crypto
->ctx
);
808 for (i
= 0; sigkeys
&& sigkeys
[i
]; i
++)
809 gpgme_signers_add (crypto
->ctx
, sigkeys
[i
]);
814 gpgme_data_set_encoding (cipher
, GPGME_DATA_ENCODING_ARMOR
);
815 rc
= send_status (client
? client
->ctx
: NULL
, STATUS_ENCRYPT
, NULL
);
820 int f
= config_get_boolean ("global", "encrypt_to");
823 flags
|= GPGME_ENCRYPT_NO_ENCRYPT_TO
;
825 f
= config_get_boolean ("global", "always_trust");
827 flags
|= GPGME_ENCRYPT_ALWAYS_TRUST
;
829 if (!(crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
)
830 || (crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
&& sigkeys
))
835 MUTEX_TRYLOCK (client
->ctx
, &crypto_mutex
, rc
, client
->lock_timeout
);
839 pthread_cleanup_push (release_mutex_cb
, &crypto_mutex
);
841 rc
= gpgme_op_encrypt_sign_start (crypto
->ctx
, keys
, flags
, plain
,
844 rc
= gpgme_op_encrypt_start (crypto
->ctx
, NULL
, flags
, plain
,
848 STATUS_TIMEOUT_INIT (crypto
);
851 if (!rc
&& crypto
->progress_rc
)
852 rc
= crypto
->progress_rc
;
854 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_ENCRYPT
, NULL
);
856 } while (!rc
&& !gpgme_wait (crypto
->ctx
, &rc
, 0) && !rc
);
858 pthread_cleanup_pop (1);
862 gpgme_encrypt_result_t result
;
863 gpgme_sign_result_t sresult
;
864 gpgme_invalid_key_t inv
;
865 gpgme_new_signature_t sigs
;
869 result
= gpgme_op_encrypt_result (crypto
->ctx
);
870 inv
= result
->invalid_recipients
;
873 pthread_cleanup_push ((void *)strv_free
, prune
);
874 log_write1 (_ ("%s: invalid recipient: %s, rc=%u"),
875 crypto
->filename
, inv
->fpr
, inv
->reason
);
876 pthread_cleanup_pop (0);
877 p
= strv_cat (prune
, str_dup(inv
->fpr
));
891 p
= prune_keys (crypto
->save
.pubkey
, prune
);
892 crypto
->save
.pubkey
= p
;
896 crypto_keyid_to_16b (crypto
->save
.pubkey
);
897 sresult
= gpgme_op_sign_result (crypto
->ctx
);
898 inv
= sresult
? sresult
->invalid_signers
: NULL
;
901 log_write1 (_ ("%s: invalid signer: %s, rc=%u"),
902 crypto
->filename
, inv
->fpr
, inv
->reason
);
906 sigs
= sresult
? sresult
->signatures
: NULL
;
915 pthread_cleanup_push ((void *)strv_free
, p
);
916 log_write1 (_ ("%s: signer: %s"), crypto
->filename
,
918 pthread_cleanup_pop (0);
920 pp
= strv_cat (p
, str_dup (sigs
->fpr
));
934 xfree (crypto
->save
.sigkey
);
935 crypto
->save
.sigkey
= str_dup (*p
);
937 crypto_keyid_to_16b_once (crypto
->save
.sigkey
);
938 crypto
->cipher
= cipher
;
941 else if (!rc
&& crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
)
943 crypto
->cipher
= cipher
;
947 if (!(crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
)
948 || (crypto
->flags
& CRYPTO_FLAG_SYMMETRIC
&& sigkeys
))
949 rc
= GPG_ERR_NO_SIGNATURE_SCHEME
;
954 pthread_cleanup_pop (1); // free_gpgme_data_cb (plain)
955 pthread_cleanup_pop (1); // crypto_free_key_list (sigkeys)
958 pthread_cleanup_pop (0); // free_gpgme_data_cb (cipher)
959 pthread_cleanup_pop (1); // crypto_free_key_list (keys)
962 free_gpgme_data_cb (cipher
);
968 crypto_passwd (struct client_s
*client
, struct crypto_s
*crypto
)
971 gpgme_key_t
*keys
= NULL
;
973 /* Use SAVE instead for symmetric files. */
974 rc
= crypto_is_symmetric (client
->filename
);
975 if (!rc
|| rc
!= GPG_ERR_BAD_DATA
)
976 return !rc
? GPG_ERR_NOT_SUPPORTED
: rc
;
978 rc
= crypto_list_keys (crypto
, crypto
->pubkey
, 1, &keys
);
982 crypto
->flags
|= CRYPTO_FLAG_PASSWD
;
983 pthread_cleanup_push ((void *)crypto_free_key_list
, keys
);
984 rc
= send_status (client
->ctx
, STATUS_KEEPALIVE
, NULL
);
986 MUTEX_TRYLOCK (client
->ctx
, &crypto_mutex
, rc
, client
->lock_timeout
);
990 pthread_cleanup_push (release_mutex_cb
, &crypto_mutex
);
991 rc
= gpgme_op_passwd_start (crypto
->ctx
, keys
[0], 0);
994 STATUS_TIMEOUT_INIT (crypto
);
997 if (!rc
&& crypto
->progress_rc
)
998 rc
= crypto
->progress_rc
;
1000 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_KEEPALIVE
, NULL
);
1002 } while (!rc
&& !gpgme_wait (crypto
->ctx
, &rc
, 0) && !rc
);
1004 pthread_cleanup_pop (1);
1007 pthread_cleanup_pop (1);
1011 /* Generate a new key pair. The resulting keyid's are stored in crypto->save.
1014 crypto_genkey (struct client_s
*client
, struct crypto_s
*crypto
)
1018 rc
= send_status (client
? client
->ctx
: NULL
, STATUS_GENKEY
, NULL
);
1020 MUTEX_TRYLOCK ((client
? client
->ctx
: NULL
), &crypto_mutex
, rc
,
1021 (client
? client
->lock_timeout
: 0));
1025 pthread_cleanup_push (release_mutex_cb
, &crypto_mutex
);
1026 if (crypto
->save
.mainkey
)
1028 rc
= gpgme_op_createsubkey_start (crypto
->ctx
,
1029 crypto
->save
.mainkey
[0],
1032 crypto
->save
.expire
,
1033 crypto
->save
.flags
);
1037 rc
= gpgme_op_createkey_start (crypto
->ctx
,
1038 crypto
->save
.userid
,
1041 crypto
->save
.expire
,
1043 crypto
->save
.flags
);
1048 STATUS_TIMEOUT_INIT (crypto
);
1051 if (!rc
&& crypto
->progress_rc
)
1052 rc
= crypto
->progress_rc
;
1054 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_GENKEY
, NULL
);
1056 } while (!rc
&& !gpgme_wait (crypto
->ctx
, &rc
, 0) && !rc
);
1058 pthread_cleanup_pop (1);
1063 gpgme_key_t
*keys
= NULL
;
1064 gpgme_genkey_result_t result
;
1066 result
= gpgme_op_genkey_result (crypto
->ctx
);
1067 xfree (crypto
->save
.sigkey
);
1068 crypto
->save
.sigkey
= str_dup (result
->fpr
);
1069 crypto_keyid_to_16b_once (crypto
->save
.sigkey
);
1075 strv_printf (&tmp
, "%s", crypto
->save
.sigkey
);
1076 pthread_cleanup_push ((void *)strv_free
, tmp
);
1077 rc
= crypto_list_keys (crypto
, tmp
, 1, &keys
);
1078 pthread_cleanup_pop (1);
1083 gpgme_subkey_t key
= keys
[0]->subkeys
;
1085 for (; key
; key
= key
->next
)
1087 if (key
->can_encrypt
)
1091 pthread_cleanup_push ((void *)crypto_free_key_list
, keys
);
1092 rc
= send_status (client
? client
->ctx
: NULL
, STATUS_GENKEY
, "%s %s",
1093 crypto
->save
.sigkey
, key
? key
->fpr
: "");
1096 crypto
->save
.pubkey
= strv_cat (crypto
->save
.pubkey
,
1097 str_dup (key
->fpr
));
1098 crypto_keyid_to_16b (crypto
->save
.pubkey
);
1101 pthread_cleanup_pop (1);
1110 acl_free_cb (void *arg
)
1112 acl_t acl
= arg
? (acl_t
) arg
: NULL
;
1119 /* The advisory lock should be obtained before calling this function. */
1121 crypto_write_file (struct crypto_s
*crypto
, unsigned char **r_crc
,
1135 if (crypto
->filename
)
1137 if (lstat (crypto
->filename
, &st
) == 0)
1139 mode
= st
.st_mode
& (S_IRWXU
| S_IRWXG
| S_IRWXO
);
1141 if (!(mode
& S_IWUSR
))
1142 return GPG_ERR_EACCES
;
1144 else if (errno
!= ENOENT
)
1145 return gpg_error_from_errno (errno
);
1147 snprintf (tmp
, sizeof (tmp
), "%s.XXXXXX", crypto
->filename
);
1148 mode_t tmode
= umask (0600);
1152 rc
= gpg_error_from_errno (errno
);
1154 log_write ("%s: %s", tmp
, pwmd_strerror (rc
));
1163 rc
= crypto_data_to_buf (crypto
->cipher
, &buf
, &size
);
1166 if (crypto
->filename
)
1171 pthread_cleanup_push ((void *)close_fd_cb
, &fd
);
1173 rc
= get_checksum_memory (buf
, size
, r_crc
, r_crclen
);
1177 pthread_cleanup_push ((void *)xfree
, buf
);
1178 len
= write (fd
, buf
, size
);
1179 pthread_cleanup_pop (1);
1181 rc
= gpg_error_from_errno (errno
);
1186 if (fsync (fd
) != -1)
1188 if (crypto
->filename
&& close (fd
) != -1)
1191 acl
= acl_get_file (crypto
->filename
, ACL_TYPE_ACCESS
);
1192 if (!acl
&& errno
== ENOENT
)
1193 acl
= acl_get_file (".", ACL_TYPE_DEFAULT
);
1195 log_write ("ACL: %s: %s", crypto
->filename
,
1196 pwmd_strerror (gpg_error_from_errno (errno
)));
1197 pthread_cleanup_push ((void *)acl_free_cb
, acl
);
1201 if (config_get_boolean (crypto
->filename
, "backup"))
1203 char tmp2
[PATH_MAX
];
1205 snprintf (tmp2
, sizeof (tmp2
), "%s.backup", crypto
->filename
);
1206 if (rename (crypto
->filename
, tmp2
) == -1)
1207 if (errno
!= ENOENT
)
1208 rc
= gpg_error_from_errno (errno
);
1211 if (!rc
&& rename (tmp
, crypto
->filename
) == -1)
1212 rc
= gpg_error_from_errno (errno
);
1216 if (chmod (crypto
->filename
, mode
) == -1)
1217 log_write ("%s(%u): %s", __FILE__
, __LINE__
,
1218 pwmd_strerror (gpg_error_from_syserror ()));
1221 if (!rc
&& acl
&& acl_set_file (crypto
->filename
,
1222 ACL_TYPE_ACCESS
, acl
))
1223 log_write ("ACL: %s: %s", crypto
->filename
,
1224 pwmd_strerror (gpg_error_from_errno (errno
)));
1225 pthread_cleanup_pop (1);
1228 else if (crypto
->filename
)
1229 rc
= gpg_error_from_errno (errno
);
1231 if (!rc
&& fd
!= -1)
1233 char *datadir
= str_asprintf ("%s/data", homedir
);
1237 int dfd
= open (datadir
, O_RDONLY
);
1241 if (fsync (dfd
) == -1)
1242 log_write ("%s %d: %s", __FILE__
, __LINE__
,
1243 pwmd_strerror (errno
));
1248 log_write ("%s %d: %s", __FILE__
, __LINE__
,
1249 pwmd_strerror (errno
));
1256 rc
= gpg_error_from_errno (errno
);
1259 pthread_cleanup_pop (0); // close (fd)
1267 crypto_key_info (const gpgme_key_t key
)
1269 struct string_s
*string
= string_new (NULL
), *s
;
1272 gpgme_subkey_t subkey
;
1273 gpgme_user_id_t uid
;
1278 for (u
= 0, uid
= key
->uids
; uid
; uid
= uid
->next
)
1281 for (n
= 0, subkey
= key
->subkeys
; subkey
; subkey
= subkey
->next
)
1284 s
= string_append_printf (string
, "%u:%u:%u:%u:%u:%u:%u:%u:%u:%u:%i:%s:%s:%s:%i:%u:%u",
1285 key
->revoked
, key
->expired
, key
->disabled
,
1286 key
->invalid
, key
->can_encrypt
, key
->can_sign
,
1287 key
->can_certify
, key
->secret
,
1288 key
->can_authenticate
, key
->is_qualified
,
1290 key
->issuer_serial
? key
->issuer_serial
: "",
1291 key
->issuer_name
? key
->issuer_name
: "",
1292 key
->chain_id
? key
->chain_id
: "",
1293 key
->owner_trust
, u
, n
);
1296 string_free (string
, 1);
1301 for (subkey
= key
->subkeys
; subkey
; subkey
= subkey
->next
)
1305 s
= string_append_printf (string
, ":%u:%u:%u:%u:%u:%u:%u:%u:%u:%u:%u:%i:%u",
1306 subkey
->revoked
, subkey
->expired
,
1307 subkey
->disabled
, subkey
->invalid
,
1308 subkey
->can_encrypt
, subkey
->can_sign
,
1309 subkey
->can_certify
, subkey
->secret
,
1310 subkey
->can_authenticate
, subkey
->is_qualified
,
1311 subkey
->is_cardkey
, subkey
->pubkey_algo
,
1315 string_free (string
, 1);
1320 s
= string_append_printf (string
, ":%s:%s:%s:%li:%li:%s",
1321 subkey
->keyid
, subkey
->fpr
,
1322 subkey
->keygrip
? subkey
->keygrip
: "",
1323 subkey
->timestamp
, subkey
->expires
,
1324 subkey
->card_number
? subkey
->card_number
: "0");
1327 string_free (string
, 1);
1332 tmp
= gnupg_escape (subkey
->curve
);
1333 s
= string_append_printf (string
, ":%s", tmp
? tmp
: "");
1337 string_free (string
, 1);
1344 for (uid
= key
->uids
; uid
; uid
= uid
->next
)
1346 char *userid
, *name
, *email
, *comment
;
1348 userid
= gnupg_escape (uid
->uid
);
1349 name
= gnupg_escape (uid
->name
);
1350 email
= gnupg_escape (uid
->email
);
1351 comment
= gnupg_escape (uid
->comment
);
1352 s
= string_append_printf (string
, ":%u:%u:%u:%s:%s:%s:%s",
1353 uid
->revoked
, uid
->invalid
, uid
->validity
,
1354 userid
? userid
: "",
1357 comment
? comment
: "");
1364 string_free (string
, 1);
1372 string_free (string
, 0);
1377 crypto_try_decrypt (struct client_s
*client
, int no_pinentry
)
1379 struct crypto_s
*crypto
;
1381 char *keyfile
= config_get_string (client
->filename
, "passphrase_file");
1383 rc
= crypto_init (&crypto
, client
->ctx
, client
->filename
, no_pinentry
,
1387 pthread_cleanup_push ((void *)crypto_free
, crypto
);
1388 rc
= crypto_decrypt (client
, crypto
);
1389 pthread_cleanup_pop (1);
1397 /* The advisory lock should be obtained before calling this function. */
1399 crypto_is_symmetric (const char *filename
)
1406 rc
= open_check_file (filename
, &fd
, NULL
, 1);
1410 len
= read (fd
, &magic
, sizeof(magic
));
1412 if (len
!= sizeof (magic
))
1413 return GPG_ERR_INV_VALUE
;
1415 // Always read as big endian.
1416 if (magic
[0] != 0x8c || magic
[1] != 0x0d)
1417 return GPG_ERR_BAD_DATA
;
1423 crypto_delete_key (struct client_s
*client
, struct crypto_s
*crypto
,
1424 const gpgme_key_t key
, int secret
)
1428 STATUS_TIMEOUT_INIT (crypto
);
1429 rc
= send_status (client
->ctx
, STATUS_DECRYPT
, NULL
);
1431 rc
= gpgme_op_delete_start (crypto
->ctx
, key
, secret
);
1438 if (!rc
&& crypto
->progress_rc
)
1439 rc
= crypto
->progress_rc
;
1442 STATUS_TIMEOUT_TEST (crypto
, rc
, STATUS_DECRYPT
, NULL
);
1446 } while (!gpgme_wait (crypto
->ctx
, &rc
, 0) && !rc
);