2 Copyright (C) 2015, 2016
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/types.h>
32 #include <sys/resource.h>
34 #include <arpa/inet.h>
35 #include <libxml/tree.h>
36 #include <libxml/parser.h>
37 #include <libxml/xpath.h>
41 #include "pwmd-error.h"
44 #ifdef HAVE_SYS_PRCTL_H
45 #include <sys/prctl.h>
56 #define _(msgid) gettext(msgid)
59 #ifdef HAVE_GETOPT_LONG
64 #include "getopt_long.h"
67 #include "util-string.h"
76 #define PWMD_CIPHER_OFFSET (1)
77 #define PWMD_CIPHER(n) (PWMD_CIPHER_OFFSET << n)
78 #define PWMD_CIPHER_AES128 PWMD_CIPHER (0)
79 #define PWMD_CIPHER_AES192 PWMD_CIPHER (1)
80 #define PWMD_CIPHER_AES256 PWMD_CIPHER (2)
81 #define PWMD_CIPHER_SERPENT128 PWMD_CIPHER (3)
82 #define PWMD_CIPHER_SERPENT192 PWMD_CIPHER (4)
83 #define PWMD_CIPHER_SERPENT256 PWMD_CIPHER (5)
84 #define PWMD_CIPHER_CAMELLIA128 PWMD_CIPHER (6)
85 #define PWMD_CIPHER_CAMELLIA192 PWMD_CIPHER (7)
86 #define PWMD_CIPHER_CAMELLIA256 PWMD_CIPHER (8)
87 #define PWMD_CIPHER_3DES PWMD_CIPHER (9)
88 #define PWMD_CIPHER_CAST5 PWMD_CIPHER (10)
89 #define PWMD_CIPHER_BLOWFISH PWMD_CIPHER (11)
90 #define PWMD_CIPHER_TWOFISH PWMD_CIPHER (12)
91 #define PWMD_CIPHER_TWOFISH128 PWMD_CIPHER (13)
93 #define PWMD_FLAG_OFFSET (PWMD_CIPHER_OFFSET << 15)
94 #define PWMD_FLAG(n) (PWMD_FLAG_OFFSET << n)
95 #define PWMD_FLAG_PKI PWMD_FLAG (1)
96 #define PWMD_FLAG_NO_PASSPHRASE PWMD_FLAG (2)
108 uint32_t datalen
; /* of the encrypted xml */
109 } __attribute__ ((packed
)) file_header_t
;
113 gcry_sexp_t pkey
; /* SAVE --keygrip */
114 gcry_sexp_t sigpkey
; /* SAVE --sign-keygrip */
120 //assuan_context_t client_ctx;
122 struct agent_s
*agent
;
125 gcry_sexp_t pkey_sexp
;
126 unsigned char grip
[20];
127 gcry_sexp_t sigpkey_sexp
;
128 unsigned char sign_grip
[20];
129 gcry_sexp_t ciphertext_sexp
;
131 size_t ciphertext_len
;
133 size_t plaintext_len
;
135 char *filename
; /* the currently opened data file */
138 #define DEFAULT_KDFS2K_ITERATIONS 5000000
139 #define COMPAT_KDFS2K_ITERATIONS 1000
141 const char *reserved_attributes
[] = {
142 "_name", "_mtime", "_ctime", "_acl", "target",
145 static unsigned char crypto_magic
[5] = "\177PWMD";
146 static int use_agent
;
148 static void set_header_defaults (file_header_t
* hdr
);
149 static gpg_error_t
decrypt_common (struct crypto_s
*crypto
,
150 const char *filename
, const char *keyfile
);
151 static gpg_error_t
read_data_file (const char *filename
,
152 struct crypto_s
*crypto
);
153 static void cleanup_crypto_stage1 (struct crypto_s
*cr
);
154 static void cleanup_crypto (struct crypto_s
**c
);
157 cipher_to_gcrypt (int flags
)
162 if (flags
& PWMD_CIPHER_AES128
)
163 return GCRY_CIPHER_AES128
;
164 else if (flags
& PWMD_CIPHER_AES192
)
165 return GCRY_CIPHER_AES192
;
166 else if (flags
& PWMD_CIPHER_AES256
)
167 return GCRY_CIPHER_AES256
;
168 else if (flags
& PWMD_CIPHER_SERPENT128
)
169 return GCRY_CIPHER_SERPENT128
;
170 else if (flags
& PWMD_CIPHER_SERPENT192
)
171 return GCRY_CIPHER_SERPENT192
;
172 else if (flags
& PWMD_CIPHER_SERPENT256
)
173 return GCRY_CIPHER_SERPENT256
;
174 else if (flags
& PWMD_CIPHER_CAMELLIA128
)
175 return GCRY_CIPHER_CAMELLIA128
;
176 else if (flags
& PWMD_CIPHER_CAMELLIA192
)
177 return GCRY_CIPHER_CAMELLIA192
;
178 else if (flags
& PWMD_CIPHER_CAMELLIA256
)
179 return GCRY_CIPHER_CAMELLIA256
;
180 else if (flags
& PWMD_CIPHER_BLOWFISH
)
181 return GCRY_CIPHER_BLOWFISH
;
182 else if (flags
& PWMD_CIPHER_3DES
)
183 return GCRY_CIPHER_3DES
;
184 else if (flags
& PWMD_CIPHER_CAST5
)
185 return GCRY_CIPHER_CAST5
;
186 else if (flags
& PWMD_CIPHER_TWOFISH
)
187 return GCRY_CIPHER_TWOFISH
;
188 else if (flags
& PWMD_CIPHER_TWOFISH128
)
189 return GCRY_CIPHER_TWOFISH128
;
195 cipher_string_to_cipher (const char *str
)
199 if (!strcasecmp (str
, "aes128"))
200 flags
= PWMD_CIPHER_AES128
;
201 else if (!strcasecmp (str
, "aes192"))
202 flags
= PWMD_CIPHER_AES192
;
203 else if (!strcasecmp (str
, "aes256"))
204 flags
= PWMD_CIPHER_AES256
;
205 else if (!strcasecmp (str
, "serpent128"))
206 flags
= PWMD_CIPHER_SERPENT128
;
207 else if (!strcasecmp (str
, "serpent192"))
208 flags
= PWMD_CIPHER_SERPENT192
;
209 else if (!strcasecmp (str
, "serpent256"))
210 flags
= PWMD_CIPHER_SERPENT256
;
211 else if (!strcasecmp (str
, "camellia128"))
212 flags
= PWMD_CIPHER_CAMELLIA128
;
213 else if (!strcasecmp (str
, "camellia192"))
214 flags
= PWMD_CIPHER_CAMELLIA192
;
215 else if (!strcasecmp (str
, "camellia256"))
216 flags
= PWMD_CIPHER_CAMELLIA256
;
217 else if (!strcasecmp (str
, "blowfish"))
218 flags
= PWMD_CIPHER_BLOWFISH
;
219 else if (!strcasecmp (str
, "cast5"))
220 flags
= PWMD_CIPHER_CAST5
;
221 else if (!strcasecmp (str
, "3des"))
222 flags
= PWMD_CIPHER_3DES
;
223 else if (!strcasecmp (str
, "twofish256"))
224 flags
= PWMD_CIPHER_TWOFISH
;
225 else if (!strcasecmp (str
, "twofish128"))
226 flags
= PWMD_CIPHER_TWOFISH128
;
234 usage (const char *pn
, int rc
)
236 fprintf(rc
== EXIT_SUCCESS
? stdout
: stderr
,
237 "%s [-hvn] [--force] [-k <filename>] [--xml] <infile> <outfile>\n"
238 " --no-convert, -n don't discard data for elements with targets\n"
239 " --force don't abort when converting\n"
240 " --xml read a raw pwmd XML document\n"
241 " --keyfile, -k file containing the passphrase to use for decryption\n"
244 "Use - as <outfile> to write to standard output.\n",
250 init_client_crypto (struct crypto_s
**crypto
)
252 struct crypto_s
*new = xcalloc (1, sizeof (struct crypto_s
));
264 rc
= agent_init (&new->agent
);
267 rc
= send_agent_common_options (new->agent
);
269 rc
= agent_set_pinentry_options (new->agent
);
274 cleanup_agent (new->agent
);
281 set_header_defaults (&new->hdr
);
287 parse_doc (const char *xml
, size_t len
, xmlDocPtr
*result
)
291 xmlResetLastError ();
292 doc
= xmlReadMemory (xml
, len
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
);
293 if (!doc
&& xmlGetLastError ())
294 return GPG_ERR_BAD_DATA
;
297 return !doc
? GPG_ERR_ENOMEM
: 0;
301 xml_attribute_value (xmlNodePtr n
, xmlChar
* attr
)
303 xmlAttrPtr a
= xmlHasProp (n
, attr
);
308 if (!a
->children
|| !a
->children
->content
)
311 return xmlGetProp (n
, attr
);
315 xml_reserved_attribute (const char *name
)
319 for (i
= 0; reserved_attributes
[i
]; i
++)
321 if (!strcmp (name
, reserved_attributes
[i
]))
328 remove_non_reserved_attributes (xmlNodePtr n
)
332 for (a
= n
->properties
; a
; a
= a
->next
)
334 if (xml_reserved_attribute ((char *)a
->name
))
342 strip_literals (const char *filename
, xmlNodePtr n
, int force
)
346 for (; n
; n
= n
->next
)
350 if (n
->type
!= XML_ELEMENT_NODE
)
353 if (!xmlStrEqual (n
->name
, (xmlChar
*) "element"))
355 xmlNodePtr tmp
= n
->next
;
359 return strip_literals (filename
, tmp
, force
);
362 target
= xml_attribute_value (n
, (xmlChar
*)"target");
365 xmlChar lastc
= 0, *p
;
367 remove_non_reserved_attributes (n
);
369 for (lastc
= 0, p
= target
; *p
;)
371 if (*p
== '!' && (p
== target
|| lastc
== '\t'))
385 if (!xmlSetProp (n
, (xmlChar
*) "target", target
))
388 return GPG_ERR_INV_VALUE
;
393 if (n
->children
&& !force
)
395 fprintf(stderr
, _("%s: aborting do to literal child elements (use --force)\n"), filename
);
396 return GPG_ERR_CANCELED
;
398 else if (n
->children
)
400 xmlNodePtr tmp
= n
->children
;
402 xmlUnlinkNode (n
->children
);
403 xmlFreeNodeList (tmp
);
407 rc
= strip_literals (filename
, n
->children
, force
);
416 main(int argc
, char **argv
)
420 struct crypto_s
*crypto
= NULL
;
421 char *outfile
= NULL
, *infile
= NULL
, *keyfile
= NULL
;
427 const char *optstring
= "vhk:n";
431 const struct option longopts
[] = {
432 {"force", no_argument
, 0, 0},
433 {"xml", no_argument
, 0, 0},
434 {"no-convert", no_argument
, 0, 'n'},
435 {"keyfile", required_argument
, 0, 'k'},
436 {"version", no_argument
, 0, 'v'},
437 {"help", no_argument
, 0, 'h'},
442 #ifdef HAVE_SETRLIMIT
445 rl
.rlim_cur
= rl
.rlim_max
= 0;
447 if (setrlimit (RLIMIT_CORE
, &rl
) != 0)
448 err (EXIT_FAILURE
, "setrlimit()");
451 #ifdef HAVE_PR_SET_DUMPABLE
452 prctl (PR_SET_DUMPABLE
, 0);
456 if (!gpgrt_check_version (REQUIRE_LIBGPGERROR_VERSION
))
458 fprintf (stderr
, _("gpgrt_check_version(): Incompatible libgpg-error. "
459 "Wanted %s, got %s.\n"), REQUIRE_LIBGPGERROR_VERSION
,
460 gpgrt_check_version (NULL
));
465 //gpgrt_set_alloc_func (xrealloc_gpgrt);
467 if (!gcry_check_version (REQUIRE_LIBGCRYPT_VERSION
))
469 fprintf (stderr
, _("gcry_check_version(): Incompatible libgcrypt. "
470 "Wanted %s, got %s.\n"), REQUIRE_LIBGCRYPT_VERSION
,
471 gcry_check_version (NULL
));
475 gcry_set_allocation_handler (xmalloc
, xmalloc
, NULL
, xrealloc
, xfree
);
476 xmlMemSetup (xfree
, xmalloc
, xrealloc
, str_dup
);
482 while ((opt
= getopt_long (argc
, argv
, optstring
, longopts
, &optindex
)) != -1)
493 usage (argv
[0], EXIT_SUCCESS
);
497 "Copyright (C) 2015, 2016\n"
499 "Released under the terms of the GPL v2. Use at your own risk.\n\n"),
500 PACKAGE_STRING
, PACKAGE_BUGREPORT
);
512 usage (argv
[0], EXIT_FAILURE
);
516 usage (argv
[0], EXIT_FAILURE
);
521 if (argc
- optind
!= 2)
522 usage (argv
[0], EXIT_FAILURE
);
524 infile
= argv
[optind
++];
525 outfile
= argv
[optind
];
526 if (strcmp (outfile
, "-"))
528 if (access (outfile
, R_OK
|W_OK
) == 0)
530 fprintf(stderr
, _("Please remove the existing output file '%s'.\n"),
536 rc
= init_client_crypto (&crypto
);
542 rc
= decrypt_common (crypto
, infile
, keyfile
);
550 fd
= open (infile
, O_RDONLY
);
553 rc
= gpg_error_from_syserror ();
557 if (fstat (fd
, &st
) == -1)
559 rc
= gpg_error_from_syserror ();
564 crypto
->plaintext
= gcry_calloc (1, sizeof (char) * st
.st_size
+1);
565 if (!crypto
->plaintext
)
572 crypto
->plaintext_len
= read (fd
, crypto
->plaintext
, st
.st_size
);
574 if (crypto
->plaintext_len
!= st
.st_size
)
576 rc
= GPG_ERR_UNKNOWN_ERRNO
;
585 rc
= parse_doc ((char *) crypto
->plaintext
, crypto
->plaintext_len
, &doc
);
586 cleanup_crypto (&crypto
);
592 FILE *fp
= outfile
[0] == '-' && outfile
[1] == 0 ? stdout
593 : fopen (outfile
, "w");
597 rc
= gpg_error_from_syserror ();
604 xmlNodePtr n
= xmlDocGetRootElement (doc
);
605 rc
= strip_literals (infile
, n
->children
, force
);
613 xmlDocDumpMemory (doc
, &buf
, &len
);
615 fprintf (fp
, "%s", buf
);
625 cleanup_crypto (&crypto
);
629 cleanup_crypto (&crypto
);
630 fprintf(stderr
, "ERR %u: %s\n", rc
, gpg_strerror (rc
));
635 hash_key (int algo
, unsigned char *salt
, size_t salt_len
, const void *key
,
636 size_t keylen
, void **result
, size_t *rlen
, uint64_t iterations
)
641 /* Be sure the algorithm is available. */
642 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, rlen
);
646 /* Always allocate enough for a 256-bit key although the algorithms
647 themselves may use less. Fixes SAVE --cipher with a different
648 keylen than the previously saved cipher when cached. */
650 tmp
= xmalloc (*rlen
);
652 return GPG_ERR_ENOMEM
;
655 iterations
= DEFAULT_KDFS2K_ITERATIONS
;
657 rc
= gcry_kdf_derive(key
, keylen
, GCRY_KDF_ITERSALTED_S2K
, GCRY_MD_SHA1
,
658 salt
, salt_len
, iterations
, *rlen
, tmp
);
668 * Useful for a large amount of data. Rather than doing all of the data in one
669 * iteration do it in chunks. This lets the command be cancelable rather than
670 * waiting for it to complete.
672 #define CRYPTO_BLOCKSIZE(c) (c * 1024)
674 iterate_crypto_once (gcry_cipher_hd_t h
, unsigned char *inbuf
,
675 size_t insize
, size_t blocksize
)
678 off_t len
= CRYPTO_BLOCKSIZE (blocksize
);
679 void *p
= gcry_malloc (len
);
683 return gpg_error (GPG_ERR_ENOMEM
);
685 if (insize
< CRYPTO_BLOCKSIZE (blocksize
))
688 pthread_cleanup_push (gcry_free
, p
);
692 unsigned char *inbuf2
= inbuf
+ total
;
695 if (len
+ total
> insize
)
698 rc
= gcry_cipher_decrypt (h
, p
, len
, inbuf2
, len
);
703 memmove (tmp
, p
, len
);
708 #ifdef HAVE_PTHREAD_TESTCANCEL
709 pthread_testcancel ();
713 pthread_cleanup_pop (1);
714 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
721 cleanup_cipher (void *arg
)
723 gcry_cipher_close ((gcry_cipher_hd_t
) arg
);
726 /* Decrypt the XML data. For PKI data files the key is retrieved from
727 * gpg-agent and the signature verified. */
729 decrypt_data (struct crypto_s
*crypto
, unsigned char *salted_key
,
733 unsigned char *key
= salted_key
;
734 gcry_cipher_hd_t h
= NULL
;
735 size_t blocksize
, keysize
= 0;
736 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
738 uint64_t n
= crypto
->hdr
.s2k_count
;
740 size_t keylen
= skeylen
;
741 gcry_sexp_t sig_sexp
;
743 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
745 rc
= agent_extract_key (crypto
, &key
, &keylen
);
749 sig_sexp
= gcry_sexp_find_token (crypto
->ciphertext_sexp
, "sig-val", 0);
753 return GPG_ERR_BAD_DATA
;
756 rc
= agent_verify (crypto
->sigpkey_sexp
, sig_sexp
, crypto
->ciphertext
,
757 crypto
->ciphertext_len
);
758 gcry_sexp_release (sig_sexp
);
765 rc
= gcry_cipher_open (&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
768 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
,
772 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_BLKLEN
, NULL
,
776 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
, blocksize
);
779 rc
= gcry_cipher_setkey (h
, key
, keysize
);
786 pthread_cleanup_push (cleanup_cipher
, rc
? NULL
: h
);
790 outbuf
= gcry_malloc (crypto
->hdr
.datalen
+1);
794 memset (outbuf
, 0, crypto
->hdr
.datalen
+1);
797 pthread_cleanup_push (gcry_free
, outbuf
);
799 pthread_cleanup_push (gcry_free
, key
);
805 rc
= GPG_ERR_INV_PARAMETER
;
808 memcpy (outbuf
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
809 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
);
812 if (!rc
&& crypto
->hdr
.version
<= 0x03000e)
815 rc
= gcry_cipher_setkey (h
, key
, keysize
);
819 if (!rc
&& crypto
->hdr
.version
<= 0x03000e)
821 for (n
= 0; !rc
&& n
< crypto
->hdr
.s2k_count
; n
++)
823 rc
= gcry_cipher_setiv (h
, crypto
->hdr
.iv
, blocksize
);
827 rc
= iterate_crypto_once (h
, outbuf
, crypto
->hdr
.datalen
, blocksize
);
832 pthread_cleanup_pop (0);
833 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
835 else if (key
&& crypto
->hdr
.version
<= 0x03000e)
838 if (crypto
->hdr
.version
<= 0x03000e)
841 pthread_cleanup_pop (rc
? 1 : 0); /* outbuf */
842 pthread_cleanup_pop (1); /* cipher */
845 char buf
[] = "<?xml ";
847 if (memcmp (outbuf
, buf
, sizeof(buf
)-1))
850 return gpg_error (GPG_ERR_BAD_PASSPHRASE
);
853 crypto
->plaintext
= outbuf
;
854 crypto
->plaintext_len
= crypto
->hdr
.datalen
;
857 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
864 get_passphrase (const char *filename
, const char *keyfile
, void **r_key
,
867 char buf
[255] = { 0 };
868 struct termios told
, tnew
;
878 fd
= open (keyfile
, O_RDONLY
);
880 return gpg_error_from_syserror ();
882 if (fstat (fd
, &st
) == -1)
884 gpg_error_t rc
= gpg_error_from_syserror ();
890 len
= read (fd
, buf
, sizeof (buf
));
891 if (len
!= st
.st_size
)
894 wipememory (buf
, 0, sizeof (buf
));
895 return gpg_error_from_syserror ();
898 *r_len
= st
.st_size
? st
.st_size
: 1;
899 *r_key
= xmalloc (*r_len
);
901 memcpy (*r_key
, buf
, *r_len
);
902 wipememory (buf
, 0, sizeof (buf
));
904 return *r_key
? 0 : GPG_ERR_ENOMEM
;
907 if (!isatty (STDIN_FILENO
))
908 return GPG_ERR_ENOTTY
;
910 if (tcgetattr (STDIN_FILENO
, &told
) == -1)
911 return gpg_error_from_syserror ();
913 memcpy (&tnew
, &told
, sizeof (struct termios
));
914 tnew
.c_lflag
&= ~(ECHO
);
915 tnew
.c_lflag
|= ICANON
| ECHONL
;
916 if (tcsetattr (STDIN_FILENO
, TCSANOW
, &tnew
) == -1)
920 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
921 return gpg_error_from_errno (n
);
924 fprintf(stderr
, "Passphrase for '%s': ", filename
);
925 if (!fgets (buf
, sizeof (buf
), stdin
))
927 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
931 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
933 if (buf
[strlen(buf
)-1] == '\n')
934 buf
[strlen(buf
)-1] = 0;
935 *r_len
= buf
[0] == 0 ? 1 : strlen (buf
);
936 *r_key
= str_dup (buf
);
937 wipememory (buf
, 0, sizeof (buf
));
941 /* Common to both PKI and non-PKI files. */
943 decrypt_common (struct crypto_s
*crypto
, const char *filename
,
948 gpg_error_t rc
= read_data_file (filename
, crypto
);
949 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
956 rc
= get_passphrase (filename
, keyfile
, &key
, &keylen
);
960 if (key
)// && !IS_PKI (crypto))
962 rc
= hash_key (algo
, crypto
->hdr
.salt
, sizeof(crypto
->hdr
.salt
), key
,
963 keylen
, &skey
, &skeysize
,
964 crypto
->hdr
.version
<= 0x03000e ? COMPAT_KDFS2K_ITERATIONS
: crypto
->hdr
.s2k_count
);
973 xfree (crypto
->filename
);
974 crypto
->filename
= str_dup (filename
);
975 rc
= decrypt_data (crypto
, skey
, skeysize
);
981 read_header (file_header_t
*hdr
, int fd
)
987 #ifdef WORDS_BIGENDIAN
988 len
= read (fd
, &hdr
->magic
, sizeof(hdr
->magic
));
992 len
= read (fd
, &hdr
->version
, sizeof(hdr
->version
));
996 len
= read (fd
, &hdr
->s2k_count
, sizeof(hdr
->s2k_count
));
1000 len
= read (fd
, &hdr
->flags
, sizeof(hdr
->flags
));
1004 len
= read (fd
, &hdr
->iv
, sizeof(hdr
->iv
));
1008 len
= read (fd
, &hdr
->salt
, sizeof(hdr
->salt
));
1012 len
= read (fd
, &hdr
->datalen
, sizeof(hdr
->datalen
));
1016 len
= read (fd
, &hdr
->magic
, sizeof(hdr
->magic
));
1020 len
= read (fd
, &i
, sizeof(hdr
->version
));
1023 hdr
->version
= ntohl (i
);
1025 len
= read (fd
, &n
, sizeof(hdr
->s2k_count
));
1028 hdr
->s2k_count
= (((uint64_t) ntohl (n
)) << 32) + ntohl (n
>> 32);
1030 len
= read (fd
, &n
, sizeof(hdr
->flags
));
1033 hdr
->flags
= (((uint64_t) ntohl (n
)) << 32) + ntohl (n
>> 32);
1035 len
= read (fd
, &hdr
->iv
, sizeof(hdr
->iv
));
1039 len
= read (fd
, &hdr
->salt
, sizeof(hdr
->salt
));
1043 len
= read (fd
, &i
, sizeof(hdr
->datalen
));
1046 hdr
->datalen
= ntohl (i
);
1050 return len
== -1 ? gpg_error_from_errno (errno
) : 0;
1053 /* Read the header of a data file to determine cipher and other. The
1054 * header is stored big endian in the file and is converted to little
1055 * endian when needed. */
1057 read_data_header (const char *filename
, file_header_t
* rhdr
,
1058 struct stat
*rst
, int *rfd
)
1065 fd
= open (filename
, O_RDONLY
);
1067 return gpg_error_from_syserror ();
1069 if (fstat (fd
, &st
) == -1)
1071 rc
= gpg_error_from_syserror ();
1076 rc
= read_header (&hdr
, fd
);
1077 if (!rc
&& memcmp (hdr
.magic
, crypto_magic
, sizeof (hdr
.magic
)))
1078 rc
= GPG_ERR_BAD_DATA
;
1079 else if (!rc
&& hdr
.version
< 0x030000)
1080 rc
= GPG_ERR_UNKNOWN_VERSION
;
1096 return gpg_error (rc
);
1100 read_data_file (const char *filename
, struct crypto_s
* crypto
)
1109 return GPG_ERR_INV_PARAMETER
;
1111 cleanup_crypto_stage1 (crypto
);
1112 rc
= read_data_header (filename
, &crypto
->hdr
, &st
, &fd
);
1114 return gpg_error (rc
);
1116 crypto
->ciphertext_len
= crypto
->hdr
.datalen
;
1117 crypto
->ciphertext
= xmalloc (crypto
->hdr
.datalen
);
1118 if (!crypto
->ciphertext
)
1120 rc
= GPG_ERR_ENOMEM
;
1124 /* The keygrips for PKI files are stored after the header. They are
1125 * stored in the file to let file(1) magic(5) show the grips. */
1126 if (crypto
->hdr
.flags
& PWMD_FLAG_PKI
)
1128 rlen
= read (fd
, crypto
->grip
, 20);
1131 rc
= rlen
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
1135 rlen
= read (fd
, crypto
->sign_grip
, 20);
1138 rc
= rlen
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
1143 len
= read (fd
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
1144 if (len
!= crypto
->hdr
.datalen
)
1146 rc
= len
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
1150 if (!(crypto
->hdr
.flags
& PWMD_FLAG_PKI
))
1155 rc
= GPG_ERR_NOT_IMPLEMENTED
;
1160 len
= st
.st_size
- sizeof (file_header_t
) - crypto
->hdr
.datalen
- 40;
1161 buf
= xmalloc (len
);
1164 rc
= GPG_ERR_ENOMEM
;
1168 /* Remaining data file bytes are the encrypted key and XML. */
1169 rlen
= read (fd
, buf
, len
);
1172 rc
= rlen
== -1 ? gpg_error_from_errno (errno
) : GPG_ERR_BAD_DATA
;
1176 rc
= gcry_sexp_new (&crypto
->ciphertext_sexp
, buf
, rlen
, 1);
1180 if (crypto
->pkey_sexp
)
1181 gcry_sexp_release (crypto
->pkey_sexp
);
1183 if (crypto
->sigpkey_sexp
)
1184 gcry_sexp_release (crypto
->sigpkey_sexp
);
1186 crypto
->pkey_sexp
= crypto
->sigpkey_sexp
= NULL
;
1187 rc
= get_pubkey_bin (crypto
, crypto
->grip
, &crypto
->pkey_sexp
);
1189 rc
= get_pubkey_bin (crypto
, crypto
->sign_grip
, &crypto
->sigpkey_sexp
);
1195 if (rc
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
1196 rc
= gpg_error (rc
);
1202 cleanup_save (struct save_s
*save
)
1209 gcry_sexp_release (save
->pkey
);
1212 gcry_sexp_release (save
->sigpkey
);
1215 memset (save
, 0, sizeof (struct save_s
));
1218 /* Keep the agent ctx to retain pinentry options which will be freed in
1219 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
1221 cleanup_crypto_stage1 (struct crypto_s
*cr
)
1226 cleanup_save (&cr
->save
);
1229 if (cr
->ciphertext_sexp
)
1230 gcry_sexp_release (cr
->ciphertext_sexp
);
1232 cr
->ciphertext_sexp
= NULL
;
1235 gcry_free (cr
->plaintext
);
1236 xfree (cr
->ciphertext
);
1237 xfree (cr
->filename
);
1238 cr
->filename
= NULL
;
1239 cr
->ciphertext
= NULL
;
1240 cr
->ciphertext_len
= 0;
1241 cr
->plaintext
= NULL
;
1242 cr
->plaintext_len
= 0;
1246 cleanup_crypto_stage2 (struct crypto_s
*cr
)
1251 cleanup_crypto_stage1 (cr
);
1252 set_header_defaults (&cr
->hdr
);
1256 cleanup_crypto (struct crypto_s
**c
)
1258 struct crypto_s
*cr
= *c
;
1263 cleanup_crypto_stage2 (cr
);
1267 gcry_sexp_release (cr
->pkey_sexp
);
1269 if (cr
->sigpkey_sexp
)
1270 gcry_sexp_release (cr
->sigpkey_sexp
);
1273 cleanup_agent (cr
->agent
);
1280 /* Sets the default cipher values for new files. */
1282 set_header_defaults (file_header_t
* hdr
)
1284 const char *s
= "aes256";
1285 int flags
= cipher_string_to_cipher (s
);
1287 memset (hdr
, 0, sizeof (file_header_t
));
1288 memcpy (hdr
->magic
, crypto_magic
, sizeof (hdr
->magic
));
1290 fprintf(stderr
, _("Invalid 'cipher' in configuration file. Using a default of aes256."));
1292 hdr
->flags
= flags
== -1 ? PWMD_CIPHER_AES256
: flags
;
1293 hdr
->version
= VERSION_HEX
;
1297 hdr
->flags
|= PWMD_FLAG_PKI
;