search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix the "passphrase_file" and "passphrase" configuration parameters.
[pwmd.git] / src / crypto.c
blobeb82b34c9805ff71b178092d9c2c2fcd1d3bf2ea
1 #ifdef HAVE_CONFIG_H
2 #include <config.h>
3 #endif
4
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <sys/stat.h>
8 #include <fcntl.h>
9 #include <errno.h>
10
11 #ifdef WITH_LIBACL
12 #include <sys/acl.h>
13 #endif
14
15 #include "pwmd-error.h"
16 #include "util-misc.h"
17 #include "common.h"
18 #include "rcfile.h"
19 #include "pinentry.h"
20 #include "crypto.h"
21 #include "cache.h"
22 #include "mem.h"
23 #include "util-string.h"
24
25 static uint8_t pwmd_magic[5] = { '\177', 'P', 'W', 'M', 'D' };
26
27 void
28 set_header_defaults (file_header_t * hdr)
29 {
30 char *s = config_get_string (NULL, "cipher");
31 int flags = cipher_string_to_cipher (s);
32
33 xfree (s);
34 memset (hdr, 0, sizeof (file_header_t));
35 memcpy (hdr->magic, pwmd_magic, sizeof (hdr->magic));
36 if (flags == -1)
37 log_write (_
38 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
39 hdr->flags = flags == -1 ? PWMD_CIPHER_AES256 : flags;
40 hdr->version = VERSION_HEX;
41
42 #ifdef WITH_AGENT
43 if (use_agent)
44 hdr->flags |= PWMD_FLAG_PKCS;
45 #endif
46 }
47
48 gpg_error_t
49 read_data_header (const char *filename, file_header_t * rhdr,
50 struct stat *rst, int *rfd)
51 {
52 gpg_error_t rc = 0;
53 size_t len;
54 struct stat st;
55 file_header_t hdr;
56 int fd;
57
58 if (lstat (filename, &st) == -1)
59 return gpg_error_from_syserror ();
60
61 if (!S_ISREG (st.st_mode))
62 return GPG_ERR_ENOANO;
63
64 fd = open (filename, O_RDONLY);
65 if (fd == -1)
66 return gpg_error_from_syserror ();
67
68 len = read (fd, &hdr, sizeof (file_header_t));
69 if (len != sizeof (file_header_t))
70 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
71
72 if (!rc && memcmp (hdr.magic, pwmd_magic, sizeof (hdr.magic)))
73 rc = GPG_ERR_BAD_DATA;
74 else if (hdr.version < 0x030000)
75 rc = GPG_ERR_UNKNOWN_VERSION;
76
77 if (rc)
78 close (fd);
79 else
80 {
81 if (rhdr)
82 *rhdr = hdr;
83 if (rst)
84 *rst = st;
85 if (rfd)
86 *rfd = fd;
87 else
88 close (fd);
89 }
90
91 return rc;
92 }
93
94 gpg_error_t
95 read_data_file (const char *filename, struct crypto_s * crypto)
96 {
97 int fd;
98 gpg_error_t rc = 0;
99 size_t len, rlen;
100 char *buf = NULL;
101 struct stat st;
102
103 cleanup_crypto_stage1 (crypto);
104 rc = read_data_header (filename, &crypto->hdr, &st, &fd);
105 if (rc)
106 return rc;
107
108 crypto->ciphertext_len = crypto->hdr.datalen;
109 crypto->ciphertext = xmalloc (crypto->hdr.datalen);
110 if (!crypto->ciphertext)
111 {
112 rc = GPG_ERR_ENOMEM;
113 goto fail;
114 }
115
116 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
117 {
118 rlen = read (fd, crypto->grip, 20);
119 if (rlen != 20)
120 {
121 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
122 goto fail;
123 }
124
125 rlen = read (fd, crypto->sign_grip, 20);
126 if (rlen != 20)
127 {
128 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
129 goto fail;
130 }
131 }
132
133 len = read (fd, crypto->ciphertext, crypto->hdr.datalen);
134 if (len != crypto->hdr.datalen)
135 {
136 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
137 goto fail;
138 }
139
140 if (!(crypto->hdr.flags & PWMD_FLAG_PKCS))
141 goto fail;
142
143 #ifndef WITH_AGENT
144 rc = GPG_ERR_NOT_IMPLEMENTED;
145 goto fail;
146 #else
147 if (!use_agent)
148 return GPG_ERR_NOT_IMPLEMENTED;
149
150 len = st.st_size - sizeof (file_header_t) - crypto->hdr.datalen - 40;
151 buf = xmalloc (len);
152 if (!buf)
153 {
154 rc = GPG_ERR_ENOMEM;
155 goto fail;
156 }
157
158 rlen = read (fd, buf, len);
159 if (rlen != len)
160 {
161 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
162 goto fail;
163 }
164
165 rc = gcry_sexp_new (&crypto->ciphertext_sexp, buf, rlen, 1);
166 if (rc)
167 goto fail;
168
169 if (crypto->pkey_sexp)
170 gcry_sexp_release (crypto->pkey_sexp);
171
172 if (crypto->sigpkey_sexp)
173 gcry_sexp_release (crypto->sigpkey_sexp);
174
175 crypto->pkey_sexp = crypto->sigpkey_sexp = NULL;
176 rc = get_pubkey_bin (crypto, crypto->grip, &crypto->pkey_sexp);
177 if (!rc)
178 rc = get_pubkey_bin (crypto, crypto->sign_grip, &crypto->sigpkey_sexp);
179 #endif
180
181 fail:
182 close (fd);
183 xfree (buf);
184 return rc;
185 }
186
187 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
188
189 /*
190 * Useful for a large amount of data. Rather than doing all of the data in one
191 * iteration do it in chunks. This lets the command be cancelable rather than
192 * waiting for it to complete.
193 */
194 static gpg_error_t
195 iterate_crypto_once (gcry_cipher_hd_t h, unsigned char *inbuf,
196 size_t insize, size_t blocksize, status_msg_t which)
197 {
198 gpg_error_t rc = 0;
199 off_t len = CRYPTO_BLOCKSIZE (blocksize);
200 void *p = gcry_malloc (len);
201 off_t total = 0;
202 unsigned char *inbuf2;
203
204 if (!p)
205 return GPG_ERR_ENOMEM;
206
207 if (insize < CRYPTO_BLOCKSIZE (blocksize))
208 len = insize;
209
210 pthread_cleanup_push (gcry_free, p);
211
212 for (;;)
213 {
214 inbuf2 = inbuf + total;
215 unsigned char *tmp;
216
217 if (len + total > insize)
218 len = blocksize;
219
220 if (which == STATUS_ENCRYPT)
221 rc = gcry_cipher_encrypt (h, p, len, inbuf2, len);
222 else
223 rc = gcry_cipher_decrypt (h, p, len, inbuf2, len);
224
225 if (rc)
226 break;
227
228 tmp = inbuf + total;
229 memmove (tmp, p, len);
230 total += len;
231 if (total >= insize)
232 break;
233
234 #ifdef HAVE_PTHREAD_TESTCANCEL
235 pthread_testcancel ();
236 #endif
237 }
238
239 pthread_cleanup_pop (1);
240 return rc;
241 }
242
243 static void
244 cleanup_cipher (void *arg)
245 {
246 gcry_cipher_close ((gcry_cipher_hd_t) arg);
247 }
248
249 gpg_error_t
250 decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
251 unsigned char *salted_key, size_t skeylen)
252 {
253 gpg_error_t rc = 0;
254 unsigned char *key = salted_key;
255 size_t keylen = skeylen;
256 gcry_cipher_hd_t h = NULL;
257 size_t blocksize, keysize = 0;
258 int algo = cipher_to_gcrypt (crypto->hdr.flags);
259 void *outbuf = NULL;
260 uint64_t n = crypto->hdr.iterations;
261 long progress = 0;
262 #ifdef WITH_AGENT
263 gcry_sexp_t sig_sexp;
264
265 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
266 {
267 rc = agent_extract_key (crypto, &key, &keylen);
268 if (rc)
269 return rc;
270
271 sig_sexp = gcry_sexp_find_token (crypto->ciphertext_sexp, "sig-val", 0);
272 if (!sig_sexp)
273 {
274 gcry_free (key);
275 return GPG_ERR_BAD_DATA;
276 }
277
278 rc = agent_verify (crypto->sigpkey_sexp, sig_sexp, crypto->ciphertext,
279 crypto->ciphertext_len);
280 gcry_sexp_release (sig_sexp);
281 }
282 #endif
283
284 if (!rc)
285 {
286 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
287 if (!rc)
288 {
289 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL,
290 &keysize);
291 if (!rc)
292 {
293 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL,
294 &blocksize);
295 if (!rc)
296 {
297 rc = gcry_cipher_setiv (h, crypto->hdr.iv,
298 sizeof (crypto->hdr.iv));
299 if (!rc)
300 {
301 rc = gcry_cipher_setkey (h, key, keylen);
302 }
303 }
304 }
305 }
306 }
307
308 pthread_cleanup_push (cleanup_cipher, rc ? NULL : h);
309
310 if (!rc)
311 {
312 outbuf = gcry_malloc (crypto->hdr.datalen);
313 if (!outbuf)
314 rc = GPG_ERR_ENOMEM;
315 }
316
317 pthread_cleanup_push (gcry_free, outbuf);
318 #ifdef WITH_AGENT
319 pthread_cleanup_push (gcry_free, key);
320 #endif
321
322 if (!rc)
323 {
324 memcpy (outbuf, crypto->ciphertext, crypto->hdr.datalen);
325 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
326 STATUS_DECRYPT);
327 if (!rc)
328 {
329 key[0] ^= 1;
330 rc = gcry_cipher_setkey (h, key, keylen);
331 }
332 }
333
334 if (!rc)
335 {
336 progress = config_get_long (NULL, "cipher_progress");
337 if (progress == -1)
338 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
339 }
340
341 if (!rc && ctx && crypto->hdr.iterations)
342 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", 0,
343 crypto->hdr.iterations);
344
345 for (n = 0; !rc && n < crypto->hdr.iterations; n++)
346 {
347 if (ctx && !(n % progress))
348 {
349 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
350 crypto->hdr.iterations);
351 if (rc)
352 break;
353 }
354
355 rc = gcry_cipher_setiv (h, crypto->hdr.iv, sizeof (crypto->hdr.iv));
356 if (rc)
357 break;
358
359 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
360 STATUS_DECRYPT);
361 }
362
363 if (!rc && ctx && crypto->hdr.iterations)
364 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
365 crypto->hdr.iterations);
366
367 #ifdef WITH_AGENT
368 pthread_cleanup_pop (0);
369 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
370 gcry_free (key);
371 else if (key)
372 key[0] ^= 1;
373 #else
374 key[0] ^= 1;
375 #endif
376 pthread_cleanup_pop (rc ? 1 : 0); /* outbuf */
377 pthread_cleanup_pop (1); /* cipher */
378 if (!rc)
379 {
380 char buf[] = "<?xml ";
381
382 if (memcmp (outbuf, buf, sizeof(buf)-1))
383 {
384 gcry_free (outbuf);
385 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
386 }
387
388 crypto->plaintext = outbuf;
389 crypto->plaintext_len = crypto->hdr.datalen;
390 }
391
392 return rc;
393 }
394
395 gpg_error_t
396 decrypt_xml (struct crypto_s * crypto, const void *data, size_t len)
397 {
398 gcry_cipher_hd_t h = NULL;
399 gpg_error_t rc;
400
401 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
402 if (rc)
403 return rc;
404
405 gcry_free (crypto->plaintext);
406 crypto->plaintext = gcry_malloc (len);
407 if (!crypto->plaintext)
408 {
409 rc = GPG_ERR_ENOMEM;
410 goto done;
411 }
412
413 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
414 if (rc)
415 goto done;
416
417 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
418 if (rc)
419 goto done;
420
421 rc = gcry_cipher_decrypt (h, crypto->plaintext, len, data, len);
422 if (rc || strncmp (crypto->plaintext, "<?xml ", 6))
423 {
424 if (!rc)
425 rc = GPG_ERR_BAD_DATA;
426
427 gcry_free (crypto->plaintext);
428 crypto->plaintext = NULL;
429 }
430
431 crypto->plaintext_len = len;
432
433 done:
434 if (h)
435 gcry_cipher_close (h);
436
437 return rc;
438 }
439
440 gpg_error_t
441 encrypt_xml (assuan_context_t ctx, void *key, size_t keylen,
442 int algo, const void *xml, size_t len, void * *result,
443 size_t *result_len, unsigned char **iv, size_t * iv_len,
444 uint64_t iter)
445 {
446 gpg_error_t rc;
447 gcry_cipher_hd_t h;
448 size_t blocksize, keysize;
449 void *inbuf = NULL;
450 size_t olen = len;
451 uint64_t n = 0;
452 long progress;
453 unsigned char *tmpkey = NULL;
454 int free_iv = *(iv_len) == 0;
455
456 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
457 if (rc)
458 return rc;
459
460 pthread_cleanup_push (cleanup_cipher, h);
461 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
462 if (!rc)
463 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
464
465 if (!rc && *(iv_len) == 0)
466 {
467 *(iv) = xmalloc (blocksize);
468 if (!*(iv))
469 rc = GPG_ERR_ENOMEM;
470
471 gcry_create_nonce (*(iv), blocksize);
472 }
473
474 pthread_cleanup_push (xfree, *(iv_len) == 0 ? *(iv) : NULL);
475 if (!rc)
476 {
477 *iv_len = blocksize;
478 tmpkey = gcry_malloc (keylen);
479 if (!tmpkey)
480 rc = GPG_ERR_ENOMEM;
481 }
482
483 pthread_cleanup_push (gcry_free, tmpkey);
484
485 if (!rc)
486 {
487 memcpy (tmpkey, key, keylen);
488 tmpkey[0] ^= 1;
489 rc = gcry_cipher_setkey (h, tmpkey, keylen);
490 if (!rc)
491 {
492 if (len % blocksize)
493 len += blocksize - (len % blocksize);
494 }
495 }
496
497 if (!rc)
498 {
499 inbuf = gcry_malloc (len);
500 if (!inbuf)
501 rc = GPG_ERR_ENOMEM;
502 }
503
504 pthread_cleanup_push (gcry_free, inbuf);
505
506 if (!rc)
507 {
508 memset (inbuf, 0, len);
509 memcpy (inbuf, xml, olen);
510 progress = config_get_long (NULL, "cipher_progress");
511 if (progress == -1)
512 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
513
514 if (!rc && ctx && iter)
515 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", 0, iter);
516
517 for (n = 0; !rc && n < iter; n++)
518 {
519 if (ctx && !(n % progress))
520 {
521 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
522 if (rc)
523 break;
524 }
525
526 rc = gcry_cipher_setiv (h, *(iv), blocksize);
527 if (rc)
528 break;
529
530 rc = iterate_crypto_once (h, inbuf, len, blocksize, STATUS_ENCRYPT);
531 }
532 }
533
534 if (!rc && ctx && iter)
535 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
536
537 if (!rc)
538 {
539 /* Do at least one iteration. */
540 rc = gcry_cipher_setiv (h, *(iv), blocksize);
541 if (!rc)
542 {
543 rc = gcry_cipher_setkey (h, key, keylen);
544 if (!rc)
545 rc = iterate_crypto_once (h, inbuf, len, blocksize,
546 STATUS_ENCRYPT);
547 }
548 }
549
550 pthread_cleanup_pop (rc ? 1 : 0); /* inbuf */
551 pthread_cleanup_pop (1); /* tmpkey */
552 pthread_cleanup_pop (rc && free_iv ? 1 : 0); /* iv */
553 pthread_cleanup_pop (1); /* cipher */
554 *result = rc ? NULL : inbuf;
555 *result_len = len;
556 return rc;
557 }
558
559 void
560 cleanup_save (struct save_s *save)
561 {
562 if (!save)
563 return;
564
565 #ifdef WITH_AGENT
566 if (save->pkey)
567 gcry_sexp_release (save->pkey);
568
569 if (save->sigpkey)
570 gcry_sexp_release (save->sigpkey);
571 #endif
572
573 memset (save, 0, sizeof (struct save_s));
574 }
575
576 /* Keep the agent ctx to retain pinentry options which will be freed in
577 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
578 void
579 cleanup_crypto_stage1 (struct crypto_s *cr)
580 {
581 if (!cr)
582 return;
583
584 cleanup_save (&cr->save);
585
586 #ifdef WITH_AGENT
587 if (cr->ciphertext_sexp)
588 gcry_sexp_release (cr->ciphertext_sexp);
589
590 cr->ciphertext_sexp = NULL;
591 #endif
592
593 gcry_free (cr->plaintext);
594 xfree (cr->ciphertext);
595 xfree (cr->filename);
596 cr->filename = NULL;
597 cr->ciphertext = NULL;
598 cr->ciphertext_len = 0;
599 cr->plaintext = NULL;
600 cr->plaintext_len = 0;
601 }
602
603 void
604 cleanup_crypto_stage2 (struct crypto_s *cr)
605 {
606 if (!cr)
607 return;
608
609 cleanup_crypto_stage1 (cr);
610 set_header_defaults (&cr->hdr);
611 }
612
613 void
614 cleanup_crypto (struct crypto_s **c)
615 {
616 struct crypto_s *cr = *c;
617
618 if (!cr)
619 return;
620
621 cleanup_crypto_stage2 (cr);
622
623 #ifdef WITH_AGENT
624 if (cr->pkey_sexp)
625 gcry_sexp_release (cr->pkey_sexp);
626
627 if (cr->sigpkey_sexp)
628 gcry_sexp_release (cr->sigpkey_sexp);
629
630 if (cr->agent)
631 cleanup_agent (cr->agent);
632 #endif
633
634 xfree (cr);
635 *c = NULL;
636 }
637
638 gpg_error_t
639 init_client_crypto (struct crypto_s **crypto)
640 {
641 struct crypto_s *new = xcalloc (1, sizeof (struct crypto_s));
642 gpg_error_t rc;
643
644 if (!new)
645 {
646 rc = GPG_ERR_ENOMEM;
647 return rc;
648 }
649
650 #ifdef WITH_AGENT
651 if (use_agent)
652 {
653 rc = agent_init (&new->agent);
654 if (!rc)
655 {
656 rc = send_agent_common_options (new->agent);
657 if (!rc)
658 rc = agent_set_pinentry_options (new->agent);
659 }
660
661 if (rc)
662 {
663 xfree (new);
664 return rc;
665 }
666 }
667 #endif
668
669 set_header_defaults (&new->hdr);
670 *crypto = new;
671 return 0;
672 }
673
674 gpg_error_t
675 export_common (assuan_context_t ctx, int inquire, struct crypto_s * crypto,
676 const void *data, size_t datalen, const char *outfile,
677 const char *keyfile, void **rkey, size_t *rkeylen,
678 int use_cache, int force)
679 {
680 gpg_error_t rc = 0;
681 void *enc_xml = NULL;
682 size_t enc_xml_len = 0;
683 unsigned char *iv = NULL;
684 size_t iv_len = 0;
685 int algo = cipher_to_gcrypt (crypto->save.hdr.flags);
686 void *key = NULL, *salted_key = NULL;
687 size_t keysize, keylen;
688 int cached = 0;
689
690 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
691 if (rc)
692 return rc;
693
694 if (keyfile)
695 {
696 int fd;
697 unsigned char *buf;
698 size_t len;
699 struct stat st;
700
701 if (stat (keyfile, &st) == -1)
702 return gpg_error_from_syserror ();
703
704 buf = gcry_malloc (st.st_size);
705 if (!buf)
706 return GPG_ERR_ENOMEM;
707
708 fd = open (keyfile, O_RDONLY);
709 if (fd == -1)
710 rc = gpg_error_from_syserror ();
711 else
712 {
713 len = read (fd, buf, st.st_size);
714 if (len != st.st_size)
715 rc = GPG_ERR_TOO_SHORT;
716 }
717
718 if (fd != -1)
719 close (fd);
720
721 key = buf;
722 keylen = st.st_size;
723 log_write (_("Using passphrase obtained from file '%s'"), keyfile);
724
725 if (!keylen)
726 {
727 char *tmp;
728
729 gcry_free (key);
730 tmp = gcry_malloc (1);
731 *tmp = 0;
732 key = tmp;
733 keylen++;
734 }
735 }
736 else
737 {
738 if (use_cache)
739 {
740 cache_lock ();
741 cached = cache_iscached (outfile, NULL) == 0;
742 if (cached)
743 {
744 struct cache_data_s *cdata = cache_get_data_filename (outfile);
745
746 salted_key = gcry_malloc (cdata->keylen);
747 if (salted_key)
748 {
749 memcpy (salted_key, cdata->key, cdata->keylen);
750 keysize = cdata->keylen;
751 }
752 else
753 rc = GPG_ERR_ENOMEM;
754 }
755
756 cache_unlock ();
757 }
758
759 if (!rc && !cached)
760 {
761 if (force) // SAVE
762 {
763 struct crypto_s *tmp = NULL;
764 gpg_error_t rc = init_client_crypto (&tmp);
765
766 if (!rc)
767 {
768 rc = read_data_file (outfile, tmp);
769 if (!rc)
770 {
771 rc = decrypt_common (ctx, inquire, tmp, outfile,
772 (char **)&key, &keylen);
773 if (rc)
774 gcry_free (key);
775 }
776 }
777
778 cleanup_crypto (&tmp);
779 if (rc && gpg_err_code (rc) == GPG_ERR_ENOENT)
780 use_cache = 0;
781 else if (rc)
782 return rc;
783 }
784
785 if (!use_cache) // PASSWD or new file
786 {
787 gcry_free (key);
788 if (inquire)
789 {
790 rc = inquire_passphrase (ctx, "NEW_PASSPHRASE",
791 (unsigned char **)&key, &keylen);
792 }
793 else
794 {
795 rc = getpin_common (outfile, PINENTRY_SAVE, (char **)&key,
796 &keylen);
797 }
798
799 if (rc)
800 return rc;
801 }
802 else
803 {
804 salted_key = key;
805 keysize = keylen;
806 cached = 1;
807 }
808 }
809 }
810
811 if (!rc && !cached)
812 {
813 rc = hash_key (algo, crypto->save.hdr.salt,
814 sizeof(crypto->save.hdr.salt), key, keylen, &salted_key,
815 &keysize);
816 gcry_free (key);
817 }
818
819 if (!rc)
820 rc = encrypt_xml (ctx, salted_key, keysize, algo, data, datalen,
821 &enc_xml, &enc_xml_len, &iv, &iv_len,
822 crypto->save.hdr.iterations);
823
824 if (!rc)
825 {
826 memcpy (crypto->save.hdr.iv, iv, iv_len);
827 xfree (iv);
828 crypto->save.hdr.datalen = enc_xml_len;
829 rc = write_file (crypto, outfile, enc_xml, enc_xml_len, NULL, 0, NULL,
830 NULL);
831 gcry_free (enc_xml);
832 if (!rc)
833 {
834 *rkey = salted_key;
835 *rkeylen = keysize;
836 memcpy (&crypto->hdr, &crypto->save.hdr, sizeof (file_header_t));
837 }
838 }
839
840 if (rc)
841 gcry_free (salted_key);
842
843 return rc;
844 }
845
846 #ifdef WITH_LIBACL
847 static void
848 cleanup_acl (void *arg)
849 {
850 acl_t acl = *(acl_t *) arg;
851
852 if (acl)
853 acl_free (acl);
854 }
855 #endif
856
857 gpg_error_t
858 write_file (struct crypto_s *crypto, const char *filename,
859 void *data, size_t data_len, void *sexp, size_t sexp_len,
860 void *pubkey, void *sigpkey)
861 {
862 char tmp[FILENAME_MAX] = { 0 };
863 mode_t mode = 0;
864 struct stat st;
865 int fd;
866 gpg_error_t rc = 0;
867 size_t len;
868 #ifdef WITH_LIBACL
869 acl_t acl = NULL;
870 #endif
871
872 if (filename)
873 {
874 if (lstat (filename, &st) == 0)
875 {
876 mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
877
878 if (!(mode & S_IWUSR))
879 return GPG_ERR_EACCES;
880 }
881 else if (errno != ENOENT)
882 return gpg_error_from_syserror ();
883
884 snprintf (tmp, sizeof (tmp), "%s.XXXXXX", filename);
885 fd = mkstemp (tmp);
886 if (fd == -1)
887 {
888 rc = gpg_error_from_syserror ();
889 log_write ("%s: %s", tmp, pwmd_strerror (rc));
890 return rc;
891 }
892 }
893 else
894 {
895 // xml_import() or convert_file() from command line.
896 fd = STDOUT_FILENO;
897 }
898
899 pthread_cleanup_push (cleanup_unlink_cb, tmp);
900 crypto->save.hdr.version = VERSION_HEX;
901 len = write (fd, &crypto->save.hdr, sizeof (file_header_t));
902 if (len == sizeof (file_header_t))
903 {
904 if (crypto->save.hdr.flags & PWMD_FLAG_PKCS)
905 {
906 unsigned char grip[20];
907
908 gcry_pk_get_keygrip ((gcry_sexp_t) pubkey, grip);
909 len = write (fd, grip, sizeof (grip));
910 if (len == sizeof (grip))
911 {
912 gcry_pk_get_keygrip ((gcry_sexp_t) sigpkey, grip);
913 len = write (fd, grip, sizeof (grip));
914 if (len == sizeof (grip))
915 {
916 len = write (fd, data, data_len);
917 if (len == data_len)
918 {
919 len = write (fd, sexp, sexp_len);
920 if (len != sexp_len)
921 rc = gpg_error_from_syserror ();
922 }
923 else
924 rc = gpg_error_from_syserror ();
925 }
926 }
927 else
928 rc = gpg_error_from_syserror ();
929 }
930 else
931 {
932 len = write (fd, data, data_len);
933 if (len != data_len)
934 rc = gpg_error_from_syserror ();
935 }
936 }
937 else
938 rc = gpg_error_from_syserror ();
939
940 #ifdef WITH_LIBACL
941 pthread_cleanup_push (cleanup_acl, &acl);
942 #endif
943 if (!rc)
944 {
945 if (fsync (fd) != -1)
946 {
947 if (filename && close (fd) != -1)
948 {
949 #ifdef WITH_LIBACL
950 acl = acl_get_file (filename, ACL_TYPE_ACCESS);
951 if (!acl && errno == ENOENT)
952 acl = acl_get_file (".", ACL_TYPE_DEFAULT);
953 if (!acl)
954 log_write ("ACL: %s: %s", filename,
955 pwmd_strerror (gpg_error_from_syserror ()));
956 #endif
957
958 if (mode && config_get_boolean (filename, "backup"))
959 {
960 char tmp2[FILENAME_MAX];
961
962 snprintf (tmp2, sizeof (tmp2), "%s.backup", filename);
963 if (rename (filename, tmp2) == -1)
964 rc = gpg_error_from_syserror ();
965 }
966 }
967 else if (filename)
968 rc = gpg_error_from_syserror ();
969 }
970 else
971 rc = gpg_error_from_syserror ();
972 }
973
974 if (!rc)
975 {
976 if (filename && rename (tmp, filename) != -1)
977 {
978 tmp[0] = 0;
979 if (filename && mode)
980 chmod (filename, mode);
981
982 #ifdef WITH_LIBACL
983 if (acl && acl_set_file (filename, ACL_TYPE_ACCESS, acl))
984 log_write ("ACL: %s: %s", filename,
985 pwmd_strerror (gpg_error_from_syserror ()));
986 #endif
987 }
988 else
989 rc = gpg_error_from_syserror ();
990 }
991
992 #ifdef WITH_LIBACL
993 pthread_cleanup_pop (1);
994 #endif
995 pthread_cleanup_pop (rc ? 1 : 0); // unlink
996 return rc;
997 }
998
999 gpg_error_t
1000 hash_key (int algo, unsigned char *salt, size_t salt_len, const void *key,
1001 size_t keylen, void **result, size_t *rlen)
1002 {
1003 gpg_error_t rc;
1004 void *tmp;
1005
1006 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, rlen);
1007 if (rc)
1008 return rc;
1009
1010 tmp = xmalloc (*rlen);
1011 if (!tmp)
1012 return GPG_ERR_ENOMEM;
1013
1014 rc = gcry_kdf_derive(key, keylen, GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA1,
1015 salt, salt_len, DEFAULT_KDFS2K_ITERATIONS, *rlen, tmp);
1016 if (!rc)
1017 *result = tmp;
1018 else
1019 xfree (tmp);
1020
1021 return rc;
1022 }
1023
1024 gpg_error_t
1025 change_passwd (assuan_context_t ctx, const char *filename, int inquire,
1026 struct crypto_s **rcrypto)
1027 {
1028 unsigned char *key = NULL;
1029 size_t keylen = 0;
1030 struct crypto_s *crypto = NULL;
1031 gpg_error_t rc = init_client_crypto (&crypto);
1032
1033 if (rc)
1034 return rc;
1035
1036 crypto->client_ctx = ctx;
1037 rc = read_data_file (filename, crypto);
1038 if (rc)
1039 {
1040 cleanup_crypto (&crypto);
1041 return rc;
1042 }
1043
1044 rc = decrypt_common (ctx, inquire, crypto, filename, (char **)&key, &keylen);
1045 gcry_free (key);
1046 key = NULL;
1047 if (rc)
1048 {
1049 cleanup_crypto (&crypto);
1050 return rc;
1051 }
1052
1053 if (!rc)
1054 {
1055 memcpy (&crypto->save.hdr, &crypto->hdr, sizeof (file_header_t));
1056 rc = export_common (ctx, inquire, crypto, crypto->plaintext,
1057 crypto->plaintext_len, crypto->filename, NULL,
1058 (void **)&key, &keylen, 0, 0);
1059 }
1060
1061 if (!rc)
1062 {
1063 int cached;
1064
1065 rc = save_common (filename, crypto, crypto->plaintext,
1066 crypto->plaintext_len, key, keylen, &cached, 1);
1067 if (!rc)
1068 *rcrypto = crypto;
1069 }
1070
1071 if (rc)
1072 {
1073 gcry_free (key);
1074 cleanup_crypto (&crypto);
1075 }
1076
1077 return rc;
1078 }
1079
1080 // FIXME gcry_sexp_t is updated in cdata. make a temp var in case of failure.
1081 gpg_error_t
1082 save_common (const char *filename, struct crypto_s *crypto,
1083 const unsigned char *data, size_t datalen,
1084 const unsigned char *key, size_t keylen, int *cached, int no_agent)
1085 {
1086 struct cache_data_s *cdata;
1087 gpg_error_t rc;
1088
1089 /* This is safe since it is a fast operation. */
1090 cache_lock ();
1091 pthread_cleanup_push (cleanup_cache_mutex, NULL);
1092 cdata = cache_get_data_filename (filename);
1093 *cached = cdata != NULL;
1094
1095 if (!cdata)
1096 cdata = xcalloc (1, sizeof (struct cache_data_s));
1097
1098 #ifdef WITH_AGENT
1099 if (use_agent && !no_agent)
1100 {
1101 /* Update in case of any --keygrip argument */
1102 if (cdata->pubkey)
1103 gcry_sexp_release (cdata->pubkey);
1104
1105 gcry_sexp_build ((gcry_sexp_t *) & cdata->pubkey, NULL, "%S",
1106 crypto->pkey_sexp);
1107
1108 if (cdata->sigkey)
1109 gcry_sexp_release (cdata->sigkey);
1110
1111 gcry_sexp_build ((gcry_sexp_t *) & cdata->sigkey, NULL, "%S",
1112 crypto->sigpkey_sexp);
1113 }
1114 #endif
1115
1116 gcry_free (cdata->doc);
1117 cdata->doc = NULL;
1118 cdata->key = (unsigned char *)key;
1119 cdata->keylen = keylen;
1120 rc = encrypt_xml (NULL, cache_key, cache_keysize, GCRY_CIPHER_AES, data,
1121 datalen, &cdata->doc, &cdata->doclen, &cache_iv,
1122 &cache_blocksize, 0);
1123 if (!rc)
1124 {
1125 unsigned char md5file[16];
1126
1127 gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
1128 rc = cache_set_data (md5file, cdata, crypto->grip);
1129 }
1130
1131 pthread_cleanup_pop (1); // mutex unlock
1132 return rc;
1133 }
1134
1135 gpg_error_t
1136 getpin_common (const char *filename, int which, char **rkey,
1137 size_t *rkeylen)
1138 {
1139 gpg_error_t rc;
1140 struct pinentry_s *pin = pinentry_init (filename);
1141
1142 rc = pinentry_getpin (pin, rkey, which);
1143 pinentry_deinit (pin);
1144 if (rc)
1145 return rc;
1146
1147 *rkeylen = strlen (*rkey);
1148 if (!(*rkeylen))
1149 (*rkeylen)++;
1150
1151 return rc;
1152 }
1153
1154 /* Note: 'key' is freed with gcry_free() and not xfree(). Although
1155 * both call xfree(). */
1156 gpg_error_t
1157 inquire_passphrase (assuan_context_t ctx, const char *keyword,
1158 unsigned char **result, size_t *rlen)
1159 {
1160 gpg_error_t rc;
1161
1162 assuan_begin_confidential (ctx);
1163 rc = assuan_inquire (ctx, keyword, result, rlen, 0);
1164 assuan_end_confidential (ctx);
1165 return rc;
1166 }
1167
1168 gpg_error_t
1169 decrypt_common (assuan_context_t ctx, int inquire, struct crypto_s *crypto,
1170 const char *filename, char **rkey, size_t *rkeylen)
1171 {
1172 char *key = NULL;
1173 size_t keylen = 0;
1174 gpg_error_t rc = read_data_file (filename, crypto);
1175 int algo = cipher_to_gcrypt (crypto->hdr.flags);
1176 void *salted_key = NULL;
1177 size_t keysize = 0;
1178
1179 if (rc)
1180 {
1181 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1182 return rc;
1183 }
1184
1185 key = config_get_string (filename, "passphrase");
1186 if (key)
1187 {
1188 log_write (_("Trying the passphrase specified in config ..."));
1189 keylen = strlen (key);
1190 }
1191
1192 if (!key)
1193 {
1194 key = config_get_string (filename, "passphrase_file");
1195 if (key)
1196 {
1197 char *tmp = expand_homedir (key);
1198 int fd;
1199 struct stat st;
1200
1201 xfree (key);
1202 key = tmp;
1203 log_write (_("Trying the passphrase using file '%s' ..."), key);
1204 fd = open (key, O_RDONLY);
1205 if (fd == -1)
1206 {
1207 log_write ("%s: %s", key,
1208 pwmd_strerror (gpg_error_from_syserror ()));
1209 xfree (key);
1210 return rc;
1211 }
1212
1213 stat (key, &st);
1214 xfree (key);
1215 key = xmalloc (st.st_size);
1216 if (key)
1217 {
1218 if (read (fd, key, st.st_size) != st.st_size)
1219 {
1220 log_write ("short read() count");
1221 rc = GPG_ERR_TOO_SHORT;
1222 }
1223 }
1224 else
1225 rc = GPG_ERR_ENOMEM;
1226
1227 close (fd);
1228
1229 if (rc)
1230 {
1231 log_write ("%s", pwmd_strerror (rc));
1232 xfree (key);
1233 return rc;
1234 }
1235
1236 keylen = st.st_size;
1237 if (!keylen)
1238 {
1239 tmp = xmalloc (1);
1240 *tmp = 0;
1241 xfree (key);
1242 key = tmp;
1243 keylen++;
1244 }
1245 }
1246 }
1247
1248 if (!key && !IS_PKCS (crypto) && inquire)
1249 {
1250 rc = inquire_passphrase (ctx, "PASSPHRASE", (unsigned char **)&key,
1251 &keylen);
1252 if (rc)
1253 {
1254 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1255 return rc;
1256 }
1257
1258 if (!keylen)
1259 keylen++;
1260 }
1261 else if (!key && !IS_PKCS (crypto))
1262 {
1263 struct pinentry_s *pin = pinentry_init (filename);
1264
1265 rc = pinentry_getpin (pin, &key, PINENTRY_OPEN);
1266 pinentry_deinit (pin);
1267 if (rc)
1268 {
1269 log_write ("%s", pwmd_strerror (rc));
1270 return rc;
1271 }
1272
1273 keylen = strlen (key);
1274 if (!keylen)
1275 keylen++;
1276 }
1277 #ifdef WITH_AGENT
1278 else if (key && IS_PKCS (crypto))
1279 {
1280 rc = set_agent_passphrase (crypto, key, keylen);
1281 if (rc)
1282 {
1283 xfree (key);
1284 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1285 return rc;
1286 }
1287 }
1288 #endif
1289
1290 if (key && !IS_PKCS (crypto))
1291 {
1292 rc = hash_key (algo, crypto->hdr.salt, sizeof(crypto->hdr.salt), key,
1293 keylen, &salted_key, &keysize);
1294 xfree (key);
1295 key = (char *)salted_key;
1296 keylen = keysize;
1297 if (rc)
1298 {
1299 xfree (salted_key);
1300 return rc;
1301 }
1302 }
1303
1304 xfree (crypto->filename);
1305 crypto->filename = str_dup (filename);
1306 rc = decrypt_data (NULL, crypto, (unsigned char *)key, keylen);
1307 if (rc)
1308 {
1309 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1310 xfree (key);
1311 }
1312 else
1313 {
1314 *rkey = key;
1315 *rkeylen = keylen;
1316 }
1317
1318 return rc;
1319 }
A server for managing passphrases and anything else.