1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012
4 Ben Kibbey <bjk@luxsci.net>
6 This file is part of pwmd.
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
27 #include <glib/gprintf.h>
28 #include <glib/gstdio.h>
32 #include <sys/types.h>
36 #include "pwmd-error.h"
48 #include <acl/libacl.h>
52 #include <sys/types.h>
56 static guint8 pwmd_magic
[5] = { '\177', 'P', 'W', 'M', 'D' };
58 static gpg_error_t
mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
60 membuf_t
*mem
= (membuf_t
*)data
;
66 if ((p
= xrealloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
70 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
75 static gpg_error_t
status_cb(gpointer data
, const gchar
*line
)
77 struct agent_s
*agent
= data
;
79 agent
->inquire_maxlen
= 0;
81 if (!strncmp(line
, "INQUIRE_MAXLEN ", 15)) {
82 agent
->inquire_maxlen
= atoi(line
+15);
83 if (!agent
->client_ctx
)
87 return send_status(agent
->client_ctx
, STATUS_AGENT
, "%s", line
);
90 static gpg_error_t
assuan_command(struct agent_s
*a
, gchar
**result
,
91 gsize
*len
, const gchar
*cmd
)
101 rc
= assuan_transact(a
->ctx
, cmd
, mem_realloc_cb
, &a
->data
,
102 a
->inquire_cb
, a
->inquire_data
, status_cb
, a
);
108 mem_realloc_cb(&a
->data
, "", 1);
110 *result
= (gchar
*)a
->data
.buf
;
122 /* This commands are sent from launch_agent() after reconnecting to the agent
123 * and also from the initial client connection. */
124 static gpg_error_t
send_agent_common_options(struct agent_s
*agent
)
128 rc
= send_to_agent(agent
, NULL
, NULL
, "OPTION cache-ttl-opt-preset=-1");
132 static gpg_error_t
launch_agent(struct agent_s
*agent
)
135 assuan_context_t ctx
;
136 const gchar
*t
= NULL
;
137 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
138 gchar
*s
, buf
[LINE_MAX
];
141 s
= get_key_file_string("global", "agent_env_file");
143 gchar
*ss
= expand_homedir(s
);
150 while ((s
= fgets(buf
, sizeof(buf
), fp
))) {
152 if (g_str_has_prefix(s
, "GPG_AGENT_INFO=")) {
153 g_setenv("GPG_AGENT_INFO", s
+strlen("GPG_AGENT_INFO="), TRUE
);
161 log_write("%s: %s", s
, pwmd_strerror(gpg_error_from_syserror()));
164 t
= g_getenv("GPG_AGENT_INFO");
166 return gpg_err_code(GPG_ERR_NO_AGENT
);
168 rc
= assuan_new_ext(&ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
169 debug_level
? assuan_log_cb
: NULL
, "AGENT ");
173 gchar
**fields
= g_strsplit(t
, ":", 0);
174 rc
= assuan_socket_connect(ctx
, fields
[0], ASSUAN_INVALID_PID
, 0);
182 /* Restore the previous agent settings for this new context. */
183 assuan_release(agent
->ctx
);
185 rc
= send_agent_common_options(agent
);
186 if (!rc
&& agent
->display
)
187 rc
= set_agent_option(agent
, "display", agent
->display
);
189 if (!rc
&& agent
->ttyname
)
190 rc
= set_agent_option(agent
, "ttyname", agent
->ttyname
);
192 if (!rc
&& agent
->ttytype
)
193 rc
= set_agent_option(agent
, "ttytype", agent
->ttytype
);
195 if (!rc
&& agent
->lc_messages
)
196 rc
= set_agent_option(agent
, "lc-messages", agent
->lc_messages
);
198 if (!rc
&& agent
->lc_ctype
)
199 rc
= set_agent_option(agent
, "lc-ctype", agent
->lc_ctype
);
206 gpg_error_t
send_to_agent(struct agent_s
*agent
, gchar
**result
, gsize
*len
,
207 const gchar
*fmt
, ...)
214 rc
= launch_agent(agent
);
220 if (g_vasprintf(&cmd
, fmt
, ap
) > 0) {
221 rc
= assuan_command(agent
, result
, len
, cmd
);
222 if (!agent
->restart
&& gpg_err_source(rc
) == GPG_ERR_SOURCE_DEFAULT
223 && (gpg_err_code(rc
) == GPG_ERR_ASS_CONNECT_FAILED
224 || gpg_err_code(rc
) == GPG_ERR_EPIPE
)) {
225 g_unsetenv("GPG_AGENT_INFO");
226 agent
->restart
= TRUE
;
227 rc
= launch_agent(agent
);
229 rc
= assuan_command(agent
, result
, len
, cmd
);
232 agent
->restart
= FALSE
;
242 static void agent_disconnect(struct agent_s
*agent
)
248 assuan_release(agent
->ctx
);
253 void cleanup_agent(struct agent_s
*agent
)
259 g_free(agent
->display
);
260 g_free(agent
->ttyname
);
261 g_free(agent
->ttytype
);
262 g_free(agent
->lc_messages
);
263 g_free(agent
->lc_ctype
);
266 agent_disconnect(agent
);
271 gpg_error_t
agent_init(struct agent_s
**agent
)
273 struct agent_s
*new = g_malloc0(sizeof(struct agent_s
));
276 return GPG_ERR_ENOMEM
;
282 void set_header_defaults(file_header_t
*hdr
)
284 gchar
*s
= get_key_file_string(NULL
, "cipher");
285 gint flags
= cipher_string_to_cipher(s
);
288 memset(hdr
, 0, sizeof(file_header_t
));
289 memcpy(hdr
->magic
, pwmd_magic
, sizeof(hdr
->magic
));
291 log_write(_("Invalid 'cipher' in configuration file. Using a default of aes256."));
292 hdr
->flags
= flags
== -1 ? PWMD_CIPHER_AES256
: flags
;
293 hdr
->version
= VERSION_HEX
;
296 gpg_error_t
read_data_header(const gchar
*filename
, file_header_t
*rhdr
,
297 struct stat
*rst
, gint
*rfd
)
305 if (g_lstat(filename
, &st
) == -1)
306 return gpg_error_from_syserror();
308 if (!S_ISREG(st
.st_mode
))
309 return GPG_ERR_ENOANO
;
311 fd
= open(filename
, O_RDONLY
);
313 return gpg_error_from_syserror();
315 len
= read(fd
, &hdr
, sizeof(file_header_t
));
316 if (len
!= sizeof(file_header_t
))
317 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
319 if (!rc
&& memcmp(hdr
.magic
, pwmd_magic
, sizeof(hdr
.magic
)))
320 rc
= GPG_ERR_BAD_DATA
;
321 else if (hdr
.version
< 0x030000)
322 rc
= GPG_ERR_UNKNOWN_VERSION
;
340 gpg_error_t
read_data_file(const gchar
*filename
, struct crypto_s
*crypto
)
348 cleanup_crypto_stage1(crypto
);
349 rc
= read_data_header(filename
, &crypto
->hdr
, &st
, &fd
);
353 crypto
->ciphertext_len
= crypto
->hdr
.datalen
;
354 crypto
->ciphertext
= g_malloc(crypto
->hdr
.datalen
);
355 if (!crypto
->ciphertext
) {
360 rlen
= read(fd
, crypto
->grip
, 20);
362 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
366 rlen
= read(fd
, crypto
->sign_grip
, 20);
368 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
372 len
= read(fd
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
373 if (len
!= crypto
->hdr
.datalen
) {
374 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
378 len
= st
.st_size
-sizeof(file_header_t
)-crypto
->hdr
.datalen
-40;
385 rlen
= read(fd
, buf
, len
);
387 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
391 rc
= gcry_sexp_new(&crypto
->ciphertext_sexp
, buf
, rlen
, 1);
395 if (crypto
->pkey_sexp
)
396 gcry_sexp_release(crypto
->pkey_sexp
);
398 if (crypto
->sigpkey_sexp
)
399 gcry_sexp_release(crypto
->sigpkey_sexp
);
401 crypto
->pkey_sexp
= crypto
->sigpkey_sexp
= NULL
;
402 rc
= get_pubkey_bin(crypto
, crypto
->grip
, &crypto
->pkey_sexp
);
404 rc
= get_pubkey_bin(crypto
, crypto
->sign_grip
, &crypto
->sigpkey_sexp
);
412 static gpg_error_t
inquire_cb(gpointer user
, const char *keyword
)
414 struct inquire_data_s
*idata
= user
;
416 if (!idata
->preset
&& (!g_strcmp0(keyword
, "PASSPHRASE")
417 || !g_strcmp0(keyword
, "NEW_PASSPHRASE"))) {
418 return agent_loopback_cb(idata
->crypto
, keyword
);
420 // SAVE --inquire-keyparam
421 else if (idata
->preset
&& !g_strcmp0(keyword
, "KEYPARAM")) {
422 idata
->preset
= FALSE
;
423 return agent_loopback_cb(idata
->crypto
, keyword
);
426 if (idata
->crypto
->agent
->inquire_maxlen
427 && idata
->len
> idata
->crypto
->agent
->inquire_maxlen
) {
428 log_write(_("Inquired data too large: have=%u, max=%u"), idata
->len
,
429 idata
->crypto
->agent
->inquire_maxlen
);
430 return GPG_ERR_TOO_LARGE
;
433 idata
->crypto
->agent
->inquire_maxlen
= 0;
434 return assuan_send_data(idata
->crypto
->agent
->ctx
, idata
->line
, idata
->len
);
437 static gpg_error_t
extract_key(struct crypto_s
*crypto
, guchar
**result
,
441 gcry_sexp_t enc_sexp
= NULL
, tmp_sexp
;
442 struct inquire_data_s idata
= {0};
443 gchar
*hexgrip
= NULL
;
445 gsize keylen
, keysize
;
447 gint algo
= cipher_to_gcrypt(crypto
->hdr
.flags
);
450 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
454 tmp_sexp
= gcry_sexp_find_token(crypto
->ciphertext_sexp
, "enc-val", 0);
456 return GPG_ERR_BAD_DATA
;
458 hexgrip
= bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
464 rc
= cache_is_shadowed(hexgrip
);
465 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
468 shadowed
= !rc
? TRUE
: FALSE
;
470 gcry_sexp_t tmp2_sexp
= gcry_sexp_cdr(tmp_sexp
);
471 gcry_sexp_release(tmp_sexp
);
472 tmp_sexp
= gcry_sexp_nth(tmp2_sexp
, 0);
473 gcry_sexp_release(tmp2_sexp
);
474 rc
= gcry_sexp_build(&enc_sexp
, NULL
, "(enc-val (flags pkcs1) %S)",
478 rc
= gcry_sexp_build(&enc_sexp
, NULL
, "%S", tmp_sexp
);
480 gcry_sexp_release(tmp_sexp
);
484 crypto
->agent
->inquire_cb
= inquire_cb
;
485 idata
.crypto
= crypto
;
486 idata
.len
= gcry_sexp_sprint(enc_sexp
, GCRYSEXP_FMT_CANON
, NULL
, 0);
487 idata
.line
= g_malloc(idata
.len
);
493 idata
.len
= gcry_sexp_sprint(enc_sexp
, GCRYSEXP_FMT_CANON
, idata
.line
,
495 crypto
->agent
->inquire_data
= &idata
;
496 gcry_sexp_release(enc_sexp
);
498 log_write1(_("Keygrip is %s, bits=%i"), hexgrip
,
499 gcry_pk_get_nbits(crypto
->pkey_sexp
));
500 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SETKEY %s", hexgrip
);
504 if (!crypto
->agent
->desc
) {
506 "A %s is required to unlock the secret key for the "
507 "encrypted data file \"%s\". Please enter the %s "
509 shadowed
? "PIN" : _("passphrase"), crypto
->filename
,
510 shadowed
? "PIN" : _("passphrase"));
513 tmp
= plus_escape(crypto
->agent
->desc
);
515 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SETKEYDESC %s", tmp
);
520 assuan_begin_confidential(crypto
->agent
->ctx
);
521 rc
= send_to_agent(crypto
->agent
, &key
, &keylen
, "PKDECRYPT");
522 assuan_end_confidential(crypto
->agent
->ctx
);
526 rc
= gcry_sexp_new(&tmp_sexp
, key
, keylen
, 1);
531 key
= (gchar
*)gcry_sexp_nth_data(tmp_sexp
, 1, result_len
);
533 *result
= gcry_malloc(*result_len
);
537 memcpy(*result
, key
, *result_len
);
540 rc
= GPG_ERR_BAD_DATA
;
542 gcry_sexp_release(tmp_sexp
);
549 gcry_sexp_release(enc_sexp
);
554 static gpg_error_t
verify(gcry_sexp_t pkey
, gcry_sexp_t sig_sexp
,
555 const gpointer data
, gsize len
)
558 guint hashlen
= gcry_md_get_algo_dlen(GCRY_MD_SHA256
);
560 gcry_sexp_t data_sexp
;
562 hash
= gcry_malloc(hashlen
);
564 return GPG_ERR_ENOMEM
;
566 gcry_md_hash_buffer(GCRY_MD_SHA256
, hash
, data
, len
);
567 rc
= gcry_sexp_build(&data_sexp
, NULL
,
568 "(data (flags pkcs1) (hash sha256 %b))", hashlen
, hash
);
571 rc
= gcry_pk_verify(sig_sexp
, data_sexp
, pkey
);
572 gcry_sexp_release(data_sexp
);
578 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
581 * Useful for a large amount of data. Rather than doing all of the data in one
582 * iteration do it in chunks. This lets the command be cancelable rather than
583 * waiting for it to complete.
585 static gpg_error_t
iterate_crypto_once(gcry_cipher_hd_t h
, guchar
*inbuf
,
586 gsize insize
, gsize blocksize
, status_msg_t which
)
589 goffset len
= CRYPTO_BLOCKSIZE(blocksize
);
590 gpointer p
= gcry_malloc(len
);
595 return GPG_ERR_ENOMEM
;
597 if (insize
< CRYPTO_BLOCKSIZE(blocksize
))
600 pthread_cleanup_push(gcry_free
, p
);
603 inbuf2
= inbuf
+total
;
606 if (len
+ total
> insize
)
609 if (which
== STATUS_ENCRYPT
)
610 rc
= gcry_cipher_encrypt(h
, p
, len
, inbuf2
, len
);
612 rc
= gcry_cipher_decrypt(h
, p
, len
, inbuf2
, len
);
618 memmove(tmp
, p
, len
);
623 pthread_testcancel();
626 pthread_cleanup_pop(1);
630 gpg_error_t
decrypt_data(assuan_context_t ctx
, struct crypto_s
*crypto
)
635 gcry_cipher_hd_t h
= NULL
;
636 gsize blocksize
, keysize
;
637 gint algo
= cipher_to_gcrypt(crypto
->hdr
.flags
);
638 gpointer outbuf
= NULL
;
639 gcry_sexp_t sig_sexp
;
640 guint64 n
= crypto
->hdr
.iterations
, progress
;
643 rc
= extract_key(crypto
, &key
, &keylen
);
647 sig_sexp
= gcry_sexp_find_token(crypto
->ciphertext_sexp
, "sig-val", 0);
649 rc
= GPG_ERR_BAD_DATA
;
653 rc
= verify(crypto
->sigpkey_sexp
, sig_sexp
, crypto
->ciphertext
, crypto
->ciphertext_len
);
654 gcry_sexp_release(sig_sexp
);
658 rc
= gcry_cipher_open(&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
662 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
666 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_BLKLEN
, NULL
, &blocksize
);
670 rc
= gcry_cipher_setiv(h
, crypto
->hdr
.iv
, sizeof(crypto
->hdr
.iv
));
674 rc
= gcry_cipher_setkey(h
, key
, keylen
);
678 outbuf
= gcry_malloc(crypto
->hdr
.datalen
);
684 memcpy(outbuf
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
685 rc
= iterate_crypto_once(h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
691 rc
= gcry_cipher_setkey(h
, key
, keylen
);
695 p
= get_key_file_string(NULL
, "cipher_progress");
698 progress
= strtoull(p
, NULL
, 10);
700 progress
= strtoull(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
705 progress
= strtoull(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
707 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
708 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", 0,
709 crypto
->hdr
.iterations
);
711 for (n
= 0; !rc
&& n
< crypto
->hdr
.iterations
; n
++) {
712 if (ctx
&& !(n
%progress
)) {
713 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
714 crypto
->hdr
.iterations
);
719 rc
= gcry_cipher_setiv(h
, crypto
->hdr
.iv
, sizeof(crypto
->hdr
.iv
));
723 rc
= iterate_crypto_once(h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
727 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
728 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
729 crypto
->hdr
.iterations
);
735 crypto
->plaintext
= outbuf
;
736 crypto
->plaintext_len
= crypto
->hdr
.datalen
;
740 gcry_cipher_close(h
);
744 gpg_error_t
decrypt_xml(struct crypto_s
*crypto
, const gpointer data
,
747 gcry_cipher_hd_t h
= NULL
;
750 rc
= gcry_cipher_open(&h
, GCRY_CIPHER_AES
, GCRY_CIPHER_MODE_CBC
, 0);
754 gcry_free(crypto
->plaintext
);
755 crypto
->plaintext
= gcry_malloc(len
);
756 if (!crypto
->plaintext
) {
761 rc
= gcry_cipher_setiv(h
, cache_iv
, cache_blocksize
);
765 rc
= gcry_cipher_setkey(h
, cache_key
, cache_keysize
);
769 rc
= gcry_cipher_decrypt(h
, crypto
->plaintext
, len
, data
, len
);
771 gcry_free(crypto
->plaintext
);
772 crypto
->plaintext
= NULL
;
775 crypto
->plaintext_len
= len
;
779 gcry_cipher_close(h
);
784 gpg_error_t
encrypt_xml(assuan_context_t ctx
, gpointer key
, gsize keylen
,
785 gint algo
, const gpointer xml
, gsize len
, gpointer
*result
, gsize
786 *result_len
, guchar
**iv
, gsize
*iv_len
, guint64 iter
)
790 gsize blocksize
, keysize
;
791 gpointer inbuf
= NULL
;
794 guchar
*tmpkey
= NULL
;
797 rc
= gcry_cipher_open(&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
801 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
805 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_BLKLEN
, NULL
, &blocksize
);
809 if (*(iv_len
) == 0) {
810 *(iv
) = g_malloc(blocksize
);
814 gcry_create_nonce(*(iv
), blocksize
);
818 tmpkey
= gcry_malloc(keylen
);
824 memcpy(tmpkey
, key
, keylen
);
826 rc
= gcry_cipher_setkey(h
, tmpkey
, keylen
);
831 len
+= blocksize
-(len
%blocksize
);
833 inbuf
= gcry_malloc(len
);
839 memset(inbuf
, 0, len
);
840 memcpy(inbuf
, xml
, olen
);
841 p
= get_key_file_string(NULL
, "cipher_progress");
844 progress
= strtoull(p
, NULL
, 10);
846 progress
= strtoull(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
851 progress
= strtoull(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
853 if (!rc
&& ctx
&& iter
)
854 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", 0, iter
);
856 for (n
= 0; !rc
&& n
< iter
; n
++) {
857 if (ctx
&& !(n
%progress
)) {
858 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
863 rc
= gcry_cipher_setiv(h
, *(iv
), blocksize
);
867 rc
= iterate_crypto_once(h
, inbuf
, len
, blocksize
, STATUS_ENCRYPT
);
870 if (!rc
&& ctx
&& iter
)
871 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
876 /* Do at least one iteration. */
877 rc
= gcry_cipher_setiv(h
, *(iv
), blocksize
);
881 rc
= gcry_cipher_setkey(h
, key
, keylen
);
885 rc
= iterate_crypto_once(h
, inbuf
, len
, blocksize
, STATUS_ENCRYPT
);
892 gcry_cipher_close(h
);
899 gcry_cipher_close(h
);
903 gpg_error_t
agent_loopback_cb(gpointer user
, const gchar
*keyword
)
905 struct crypto_s
*crypto
= user
;
909 gboolean keyparam
= FALSE
;
911 if (!g_strcmp0(keyword
, "KEYPARAM")) {
913 rc
= assuan_inquire(crypto
->client_ctx
, keyword
, &result
, &len
, 0);
915 else { // PASSPHRASE or NEW_PASSPHRASE
916 assuan_begin_confidential(crypto
->client_ctx
);
917 rc
= assuan_inquire(crypto
->client_ctx
, keyword
, &result
, &len
, 0);
918 assuan_end_confidential(crypto
->client_ctx
);
922 if (keyparam
&& !len
) {
923 gchar
*tmp
= default_key_params(crypto
);
926 return gpg_error(GPG_ERR_ENOMEM
);
929 result
= xmalloc(len
);
930 memcpy(result
, tmp
, len
);
934 pthread_cleanup_push(xfree
, result
);
937 rc
= assuan_send_data(crypto
->agent
->ctx
, result
, len
);
939 assuan_begin_confidential(crypto
->agent
->ctx
);
940 rc
= assuan_send_data(crypto
->agent
->ctx
, result
, len
);
941 assuan_end_confidential(crypto
->agent
->ctx
);
944 pthread_cleanup_pop(1);
946 else if (gpg_err_code(rc
) == GPG_ERR_ASS_CANCELED
) {
947 gpg_error_t arc
= assuan_write_line(crypto
->agent
->ctx
, "CAN");
953 arc
= assuan_read_line(crypto
->agent
->ctx
, &line
, &len
);
964 static gpg_error_t
sign(gcry_sexp_t
*rsexp
, const gchar
*sign_hexgrip
,
965 struct crypto_s
*crypto
, const gpointer data
, gsize len
)
969 gchar
*tmp
= sign_hexgrip
? g_strdup(sign_hexgrip
)
970 : bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
972 pthread_cleanup_push(g_free
, tmp
);
973 log_write1(_("Sign keygrip is %s"), tmp
);
974 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SIGKEY %s", tmp
);
975 pthread_cleanup_pop(1);
978 guint hashlen
= gcry_md_get_algo_dlen(GCRY_MD_SHA256
);
980 hash
= gcry_malloc(hashlen
);
982 return GPG_ERR_ENOMEM
;
984 gcry_md_hash_buffer(GCRY_MD_SHA256
, hash
, data
, len
);
985 tmp
= bin2hex(hash
, hashlen
);
987 pthread_cleanup_push(g_free
, tmp
);
988 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
989 "SETHASH --hash=sha256 %s", tmp
);
990 pthread_cleanup_pop(1);
994 struct inquire_data_s idata
= {0};
996 idata
.crypto
= crypto
;
997 crypto
->agent
->inquire_data
= &idata
;
998 crypto
->agent
->inquire_cb
= inquire_cb
;
999 rc
= send_to_agent(crypto
->agent
, &result
, &len
, "PKSIGN");
1001 rc
= gcry_sexp_sscan(rsexp
, NULL
, result
, len
);
1009 static gpg_error_t
write_file(struct crypto_s
*crypto
, const gchar
*filename
,
1010 gpointer data
, gsize data_len
, gpointer sexp
, gsize sexp_len
,
1011 gcry_sexp_t pubkey
, gcry_sexp_t sigpkey
)
1013 gchar tmp
[FILENAME_MAX
] = { 0 };
1024 if (g_lstat(filename
, &st
) == 0) {
1025 mode
= st
.st_mode
& (S_IRWXU
|S_IRWXG
|S_IRWXO
);
1027 if (!(mode
& S_IWUSR
))
1028 return GPG_ERR_EACCES
;
1030 else if (errno
!= ENOENT
)
1031 return gpg_error_from_syserror();
1033 g_snprintf(tmp
, sizeof(tmp
), "%s.XXXXXX", filename
);
1034 #if GLIB_CHECK_VERSION(2, 22, 0)
1035 fd
= g_mkstemp_full(tmp
, O_WRONLY
, 0600);
1040 rc
= gpg_error_from_syserror();
1041 log_write("%s: %s", tmp
, pwmd_strerror(rc
));
1046 // xml_import() or convert_file() from command line.
1050 pthread_cleanup_push(cleanup_unlink_cb
, tmp
);
1051 crypto
->save
.hdr
.version
= VERSION_HEX
;
1052 len
= write(fd
, &crypto
->save
.hdr
, sizeof(file_header_t
));
1053 if (len
== sizeof(file_header_t
)) {
1056 gcry_pk_get_keygrip(pubkey
, grip
);
1057 len
= write(fd
, grip
, sizeof(grip
));
1058 if (len
== sizeof(grip
)) {
1059 gcry_pk_get_keygrip(sigpkey
, grip
);
1060 len
= write(fd
, grip
, sizeof(grip
));
1061 if (len
== sizeof(grip
)) {
1062 len
= write(fd
, data
, data_len
);
1063 if (len
== data_len
) {
1064 len
= write(fd
, sexp
, sexp_len
);
1065 if (len
!= sexp_len
)
1066 rc
= gpg_error_from_syserror();
1069 rc
= gpg_error_from_syserror();
1073 rc
= gpg_error_from_syserror();
1076 rc
= gpg_error_from_syserror();
1079 pthread_cleanup_push(acl_free
, acl
);
1082 if (fsync(fd
) != -1) {
1083 if (filename
&& close(fd
) != -1) {
1084 if (mode
&& get_key_file_boolean(filename
, "backup")) {
1085 gchar tmp2
[FILENAME_MAX
];
1087 g_snprintf(tmp2
, sizeof(tmp2
), "%s.backup", filename
);
1089 acl
= acl_get_file(filename
, ACL_TYPE_ACCESS
);
1091 log_write("ACL: %s: %s", filename
,
1092 pwmd_strerror(gpg_error_from_syserror()));
1095 if (g_rename(filename
, tmp2
) == -1)
1096 rc
= gpg_error_from_syserror();
1098 else if (filename
) {
1100 acl
= acl_get_file(".", ACL_TYPE_DEFAULT
);
1102 log_write("ACL: %s: %s", filename
,
1103 pwmd_strerror(gpg_error_from_syserror()));
1108 rc
= gpg_error_from_syserror();
1111 rc
= gpg_error_from_syserror();
1115 if (filename
&& g_rename(tmp
, filename
) != -1) {
1117 if (filename
&& mode
)
1118 g_chmod(filename
, mode
);
1121 if (filename
&& acl
&& acl_set_file(filename
, ACL_TYPE_ACCESS
, acl
))
1122 log_write("ACL: %s: %s", filename
,
1123 pwmd_strerror(gpg_error_from_syserror()));
1126 /* Be sure the file entry has been written to disk. On FreeBSD I
1127 * noticed delays causing a following command to return
1128 * GPG_ERR_CHECKSUM. Recommended from fsync(2) (Linux).
1132 gchar
*s
= get_key_file_string("global", "data_directory");
1134 path
= expand_homedir(s
);
1136 dir
= opendir(path
);
1143 rc
= gpg_error_from_syserror();
1148 rc
= gpg_error_from_syserror();
1151 rc
= gpg_error_from_syserror();
1155 pthread_cleanup_pop(1);
1157 pthread_cleanup_pop(rc
? 1 : 0); // unlink
1161 gpg_error_t
encrypt_data_file(assuan_context_t ctx
, struct crypto_s
*crypto
,
1162 gcry_sexp_t pubkey
, gcry_sexp_t sigpkey
, const gchar
*filename
, const
1163 gpointer xml
, gsize len
)
1166 gpointer data
= NULL
;
1168 gpointer enc_xml
= NULL
;
1169 gsize enc_xml_len
= 0;
1172 gint algo
= cipher_to_gcrypt(crypto
->save
.hdr
.flags
);
1173 gpointer key
= NULL
;
1175 guchar sig_grip
[20];
1178 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
1182 pthread_cleanup_push(gcry_free
, key
);
1183 key
= gcry_random_bytes_secure(keysize
, GCRY_STRONG_RANDOM
);
1184 pthread_testcancel(); // may have been a long operation
1185 pthread_cleanup_pop(0);
1187 return GPG_ERR_ENOMEM
;
1189 gcry_pk_get_keygrip(pubkey
, grip
);
1190 gcry_pk_get_keygrip(sigpkey
, sig_grip
);
1191 pthread_cleanup_push(g_free
, iv
);
1192 pthread_cleanup_push(gcry_free
, key
);
1193 rc
= encrypt_xml(ctx
, key
, keysize
, algo
, xml
, len
, &enc_xml
, &enc_xml_len
,
1194 &iv
, &iv_len
, crypto
->save
.hdr
.iterations
);
1196 gcry_sexp_t sig_sexp
= NULL
;
1197 gchar
*hexgrip
= bin2hex(sig_grip
, 20);
1199 pthread_cleanup_push(gcry_free
, enc_xml
);
1200 rc
= sign(&sig_sexp
, hexgrip
, crypto
, enc_xml
, enc_xml_len
);
1204 rc
= verify(sigpkey
, sig_sexp
, enc_xml
, enc_xml_len
);
1207 gcry_sexp_t tmp_sexp
;
1209 rc
= gcry_sexp_build(&tmp_sexp
, NULL
,
1210 "(data (flags pkcs1) (value %b))", keysize
, key
);
1212 gcry_sexp_t key_sexp
;
1214 pthread_cleanup_push((void (*)(void*))gcry_sexp_release
,
1216 rc
= gcry_pk_encrypt(&key_sexp
, tmp_sexp
, pubkey
);
1217 pthread_cleanup_pop(0);
1218 gcry_sexp_release(tmp_sexp
);
1221 memcpy(crypto
->save
.hdr
.iv
, iv
, iv_len
);
1222 crypto
->save
.hdr
.datalen
= enc_xml_len
;
1223 rc
= gcry_sexp_build(&tmp_sexp
, NULL
, "%S%S", key_sexp
,
1225 gcry_sexp_release(key_sexp
);
1228 data_len
= gcry_sexp_sprint(tmp_sexp
,
1229 GCRYSEXP_FMT_CANON
, NULL
, 0);
1230 data
= g_malloc(data_len
);
1232 gcry_sexp_sprint(tmp_sexp
, GCRYSEXP_FMT_CANON
,
1235 rc
= GPG_ERR_ENOMEM
;
1237 gcry_sexp_release(tmp_sexp
);
1244 pthread_cleanup_pop(0); // enc_xml
1247 gcry_sexp_release(sig_sexp
);
1250 pthread_cleanup_pop(1); // key
1251 pthread_cleanup_pop(1); // iv
1254 pthread_cleanup_push(gcry_free
, enc_xml
);
1255 rc
= write_file(crypto
, filename
, enc_xml
, enc_xml_len
, data
, data_len
,
1257 pthread_cleanup_pop(1); // enc_xml
1259 memcpy(&crypto
->hdr
, &crypto
->save
.hdr
, sizeof(file_header_t
));
1266 void cleanup_save(struct save_s
*save
)
1272 gcry_sexp_release(save
->pkey
);
1275 gcry_sexp_release(save
->sigpkey
);
1277 memset(save
, 0, sizeof(struct save_s
));
1280 /* Keep the agent ctx to retain pinentry options which will be freed in
1281 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
1282 void cleanup_crypto_stage1(struct crypto_s
*cr
)
1287 cleanup_save(&cr
->save
);
1289 if (cr
->ciphertext_sexp
)
1290 gcry_sexp_release(cr
->ciphertext_sexp
);
1293 gcry_free(cr
->plaintext
);
1295 g_free(cr
->ciphertext
);
1296 g_free(cr
->filename
);
1297 cr
->filename
= NULL
;
1298 cr
->ciphertext_sexp
= NULL
;
1299 cr
->ciphertext
= NULL
;
1300 cr
->ciphertext_len
= 0;
1301 cr
->plaintext
= NULL
;
1302 cr
->plaintext_len
= 0;
1305 void cleanup_crypto_stage2(struct crypto_s
*cr
)
1310 cleanup_crypto_stage1(cr
);
1311 set_header_defaults(&cr
->hdr
);
1314 void cleanup_crypto(struct crypto_s
**c
)
1316 struct crypto_s
*cr
= *c
;
1321 cleanup_crypto_stage2(cr
);
1324 gcry_sexp_release(cr
->pkey_sexp
);
1326 if (cr
->sigpkey_sexp
)
1327 gcry_sexp_release(cr
->sigpkey_sexp
);
1330 cleanup_agent(cr
->agent
);
1336 gpg_error_t
init_client_crypto(struct crypto_s
**crypto
)
1338 struct crypto_s
*new = g_malloc0(sizeof(struct crypto_s
));
1342 log_write("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror(GPG_ERR_ENOMEM
));
1343 return GPG_ERR_ENOMEM
;
1346 rc
= agent_init(&new->agent
);
1348 rc
= send_agent_common_options(new->agent
);
1350 rc
= set_pinentry_options(new->agent
);
1358 set_header_defaults(&new->hdr
);
1363 gpg_error_t
generate_key(struct crypto_s
*crypto
, gchar
*sexpstr
,
1364 gboolean empty
, gboolean preset
)
1370 if (crypto
->save
.s2k_count
) {
1371 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1372 "OPTION s2k-count=%lu", crypto
->save
.s2k_count
);
1377 if (!crypto
->agent
->inquire_cb
)
1378 crypto
->agent
->inquire_cb
= inquire_cb
;
1380 rc
= send_to_agent(crypto
->agent
, &pkey
, &plen
, "GENKEY %s%s",
1381 preset
? "--preset " : "",
1382 empty
? "--no-protection" : "");
1386 if (crypto
->save
.pkey
)
1387 gcry_sexp_release(crypto
->save
.pkey
);
1389 crypto
->save
.pkey
= NULL
;
1390 rc
= gcry_sexp_new(&crypto
->save
.pkey
, pkey
, plen
, 1);
1394 gcry_pk_get_keygrip(crypto
->save
.pkey
, grip
);
1395 gchar
*hexgrip
= bin2hex(grip
, sizeof(grip
));
1396 log_write1(_("Keygrip is %s"), hexgrip
);
1399 if (!crypto
->save
.sigpkey
) {
1400 gcry_sexp_build((gcry_sexp_t
*)&crypto
->save
.sigpkey
, NULL
, "%S",
1409 gpg_error_t
set_agent_option(struct agent_s
*agent
, const gchar
*name
,
1412 return send_to_agent(agent
, NULL
, NULL
, "OPTION %s=%s", name
, value
);
1415 gpg_error_t
set_agent_passphrase(struct crypto_s
*crypto
, const gchar
*key
,
1419 struct inquire_data_s idata
;
1423 /* This is for use with key files or passphrases obtained from an inquire.
1424 * gpg-agent uses strings as passphrases and will truncate the passphrase
1425 * at the first encountered null byte. It's only a warning because the
1426 * passphrase may belong to a key shared outside of pwmd. */
1427 for (i
= 0; i
< len
; i
++) {
1429 log_write(_("WARNING: keylen=%i, truncated to %i."), len
, i
);
1434 hexgrip
= bin2hex(crypto
->grip
, 20);
1435 crypto
->agent
->inquire_cb
= inquire_cb
;
1436 crypto
->agent
->inquire_data
= &idata
;
1437 idata
.crypto
= crypto
;
1438 idata
.line
= (gchar
*)key
,
1440 idata
.preset
= TRUE
;
1441 assuan_begin_confidential(crypto
->agent
->ctx
);
1442 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1443 "PRESET_PASSPHRASE --inquire %s -1", hexgrip
);
1444 assuan_end_confidential(crypto
->agent
->ctx
);
1445 idata
.preset
= FALSE
;
1450 gpg_error_t
set_pinentry_mode(struct agent_s
*agent
, const gchar
*mode
)
1452 return set_agent_option(agent
, "pinentry-mode", mode
);
1455 gpg_error_t
get_pubkey_bin(struct crypto_s
*crypto
, const guchar
*grip
,
1456 gcry_sexp_t
*result
)
1458 gchar
*hexgrip
= bin2hex(grip
, 20);
1462 return GPG_ERR_ENOMEM
;
1464 rc
= get_pubkey(crypto
, hexgrip
, result
);
1469 gpg_error_t
get_pubkey(struct crypto_s
*crypto
, const gchar
*grip
,
1470 gcry_sexp_t
*result
)
1476 rc
= send_to_agent(crypto
->agent
, &pkey
, &plen
, "READKEY %s", grip
);
1478 rc
= gcry_sexp_new(result
, pkey
, plen
, 1);
1484 gpg_error_t
set_pinentry_options(struct agent_s
*agent
)
1488 if (getenv("DISPLAY")) {
1489 rc
= set_agent_option(agent
, "display", getenv("DISPLAY"));
1491 g_free(agent
->display
);
1492 agent
->display
= g_strdup(getenv("DISPLAY"));
1495 else if (ttyname(STDOUT_FILENO
)) {
1496 rc
= set_agent_option(agent
, "ttyname", ttyname(STDOUT_FILENO
));
1498 rc
= set_agent_option(agent
, "ttytype", getenv("TERM"));
1500 g_free(agent
->ttyname
);
1501 g_free(agent
->ttytype
);
1502 agent
->ttyname
= g_strdup(ttyname(STDOUT_FILENO
));
1503 agent
->ttytype
= g_strdup(getenv("TERM"));
1511 static gpg_error_t
inquire_keyfile(gpointer user
, const gchar
*keyword
)
1513 struct crypto_s
*crypto
= user
;
1514 gchar
*filename
= crypto
->agent
->inquire_data2
;
1515 gchar
*params
= crypto
->agent
->inquire_data3
;
1522 if (!g_strcmp0(keyword
, "KEYPARAM"))
1523 return assuan_send_data(crypto
->agent
->ctx
, params
, strlen(params
));
1525 // This function is only used when generating a new keypair.
1526 if (g_strcmp0(keyword
, "NEW_PASSPHRASE"))
1527 return gpg_error(GPG_ERR_ASS_UNKNOWN_INQUIRE
);
1529 if (stat(filename
, &st
) == -1)
1530 return gpg_error_from_syserror();
1532 if (crypto
->agent
->inquire_maxlen
1533 && st
.st_size
> crypto
->agent
->inquire_maxlen
) {
1534 log_write(_("The passphrase is too large: have=%u, max=%u."),
1535 (unsigned)st
.st_size
, crypto
->agent
->inquire_maxlen
);
1536 return GPG_ERR_TOO_LARGE
;
1539 buf
= gcry_malloc_secure(st
.st_size
);
1541 return GPG_ERR_ENOMEM
;
1543 fd
= open(filename
, O_RDONLY
);
1545 rc
= gpg_error_from_syserror();
1547 len
= read(fd
, buf
, st
.st_size
);
1548 if (len
== st
.st_size
) {
1549 assuan_begin_confidential(crypto
->agent
->ctx
);
1550 rc
= assuan_send_data(crypto
->agent
->ctx
, buf
, len
);
1551 assuan_end_confidential(crypto
->agent
->ctx
);
1554 rc
= gpg_error_from_syserror();
1556 rc
= GPG_ERR_BUFFER_TOO_SHORT
;
1564 gpg_error_t
export_common(struct crypto_s
*crypto
, const gchar
*hexgrip
,
1565 const gchar
*sign_hexgrip
, gboolean no_passphrase
,
1566 const gpointer data
, gsize datalen
, const gchar
*outfile
,
1567 const gchar
*keyparams
, const gchar
*keyfile
)
1571 if (!sign_hexgrip
&& hexgrip
)
1572 sign_hexgrip
= hexgrip
;
1575 if (crypto
->sigpkey_sexp
)
1576 gcry_sexp_release(crypto
->sigpkey_sexp
);
1578 crypto
->sigpkey_sexp
= NULL
;
1579 rc
= get_pubkey(crypto
, sign_hexgrip
, &crypto
->save
.sigpkey
);
1583 gcry_pk_get_keygrip(crypto
->save
.sigpkey
, crypto
->sign_grip
);
1587 rc
= get_pubkey(crypto
, hexgrip
, &crypto
->save
.pkey
);
1589 gcry_pk_get_keygrip(crypto
->save
.pkey
, crypto
->grip
);
1592 struct inquire_data_s idata
= {0};
1593 gchar
*params
= keyparams
? g_strdup(keyparams
)
1594 : default_key_params(crypto
);
1596 pthread_cleanup_push(g_free
, params
);
1597 log_write(_("Generating a new keypair ..."));
1599 log_write(_("Using passphrase obtained from file '%s'"), keyfile
);
1600 rc
= set_pinentry_mode(crypto
->agent
, "loopback");
1601 crypto
->agent
->inquire_cb
= inquire_keyfile
;
1602 crypto
->agent
->inquire_data
= crypto
;
1603 crypto
->agent
->inquire_data2
= (gchar
*)keyfile
;
1604 crypto
->agent
->inquire_data3
= params
;
1607 idata
.line
= params
;
1608 idata
.len
= strlen(params
);
1609 idata
.crypto
= crypto
;
1610 crypto
->agent
->inquire_cb
= inquire_cb
;
1611 crypto
->agent
->inquire_data
= &idata
;
1615 rc
= generate_key(crypto
, params
, no_passphrase
, TRUE
);
1616 gcry_pk_get_keygrip(crypto
->save
.pkey
, crypto
->grip
);
1619 (void)set_pinentry_mode(crypto
->agent
, "ask");
1620 pthread_cleanup_pop(1);
1624 rc
= encrypt_data_file(NULL
, crypto
, crypto
->save
.pkey
,
1625 crypto
->save
.sigpkey
, outfile
, data
, datalen
);
1627 gchar
*tmp
= bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
1629 log_write(_("Success! Keygrip is %s."), tmp
);
1630 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1631 "CLEAR_PASSPHRASE --mode=normal %s", tmp
);
1635 tmp
= bin2hex(crypto
->sign_grip
, sizeof(crypto
->sign_grip
));
1636 log_write(_("Signed with keygrip %s."), tmp
);
1645 gchar
*default_key_params(struct crypto_s
*crypto
)
1647 gint len
= get_key_file_integer(NULL
, "nbits");
1649 gchar
*algo
= get_key_file_string(NULL
, "algo");
1652 g_snprintf(buf
, sizeof(buf
), "%i", len
);
1653 result
= g_strdup_printf("(genkey (%s (nbits %lu:%i)))", algo
, strlen(buf
),
1659 gpg_error_t
agent_passwd(struct crypto_s
*crypto
)
1661 struct inquire_data_s idata
= {0};
1663 gchar
*tmp
= bin2hex(crypto
->grip
, 20);
1665 idata
.crypto
= crypto
;
1666 crypto
->agent
->inquire_cb
= inquire_cb
;
1667 crypto
->agent
->inquire_data
= &idata
;
1668 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "PASSWD --preset %s", tmp
);
1673 gpg_error_t
kill_scd(struct agent_s
*agent
)
1677 if (get_key_file_boolean(NULL
, "kill_scd")) {
1678 rc
= send_to_agent(agent
, NULL
, NULL
, "SCD KILLSCD");
1679 if (rc
&& gpg_err_code(rc
) != GPG_ERR_NO_SCDAEMON
)
1680 log_write("%s: %s", __FUNCTION__
, pwmd_strerror(rc
));