2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
41 #include "pwmd-error.h"
46 #include "util-misc.h"
47 #include "util-string.h"
53 static uint8_t pwmd_magic
[5] = { '\177', 'P', 'W', 'M', 'D' };
55 static gpg_error_t
mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
57 membuf_t
*mem
= (membuf_t
*)data
;
63 if ((p
= xrealloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
67 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
72 static gpg_error_t
status_cb(void * data
, const char *line
)
74 struct agent_s
*agent
= data
;
76 agent
->inquire_maxlen
= 0;
78 if (!strncmp(line
, "INQUIRE_MAXLEN ", 15)) {
79 agent
->inquire_maxlen
= atoi(line
+15);
80 if (!agent
->client_ctx
)
84 return send_status(agent
->client_ctx
, STATUS_AGENT
, "%s", line
);
87 static gpg_error_t
assuan_command(struct agent_s
*a
, char **result
,
88 size_t *len
, const char *cmd
)
98 rc
= assuan_transact(a
->ctx
, cmd
, mem_realloc_cb
, &a
->data
,
99 a
->inquire_cb
, a
->inquire_data
, status_cb
, a
);
105 mem_realloc_cb(&a
->data
, "", 1);
107 *result
= (char *)a
->data
.buf
;
119 /* This commands are sent from launch_agent() after reconnecting to the agent
120 * and also from the initial client connection. */
121 static gpg_error_t
send_agent_common_options(struct agent_s
*agent
)
125 rc
= send_to_agent(agent
, NULL
, NULL
, "OPTION cache-ttl-opt-preset=-1");
129 static gpg_error_t
launch_agent(struct agent_s
*agent
)
132 assuan_context_t ctx
;
133 const char *t
= NULL
;
134 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
135 char *s
, buf
[LINE_MAX
];
138 s
= config_get_string("global", "agent_env_file");
140 char *ss
= expand_homedir(s
);
147 while ((s
= fgets(buf
, sizeof(buf
), fp
))) {
149 if (!strncmp(s
, "GPG_AGENT_INFO=", strlen("GPG_AGENT_INFO="))) {
150 setenv("GPG_AGENT_INFO", s
+strlen("GPG_AGENT_INFO="), 1);
158 log_write("%s: %s", s
, pwmd_strerror(gpg_error_from_syserror()));
161 t
= getenv("GPG_AGENT_INFO");
163 return gpg_error(GPG_ERR_NO_AGENT
);
165 rc
= assuan_new_ext(&ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
166 debug_level
? assuan_log_cb
: NULL
, "AGENT ");
170 char **fields
= str_split(t
, ":", 0);
171 rc
= assuan_socket_connect(ctx
, fields
[0], ASSUAN_INVALID_PID
, 0);
179 /* Restore the previous agent settings for this new context. */
180 assuan_release(agent
->ctx
);
182 rc
= send_agent_common_options(agent
);
183 if (!rc
&& agent
->display
)
184 rc
= set_agent_option(agent
, "display", agent
->display
);
186 if (!rc
&& agent
->ttyname
)
187 rc
= set_agent_option(agent
, "ttyname", agent
->ttyname
);
189 if (!rc
&& agent
->ttytype
)
190 rc
= set_agent_option(agent
, "ttytype", agent
->ttytype
);
192 if (!rc
&& agent
->lc_messages
)
193 rc
= set_agent_option(agent
, "lc-messages", agent
->lc_messages
);
195 if (!rc
&& agent
->lc_ctype
)
196 rc
= set_agent_option(agent
, "lc-ctype", agent
->lc_ctype
);
203 gpg_error_t
send_to_agent(struct agent_s
*agent
, char **result
, size_t *len
,
204 const char *fmt
, ...)
211 rc
= launch_agent(agent
);
217 if (str_vasprintf(&cmd
, fmt
, ap
) > 0) {
218 rc
= assuan_command(agent
, result
, len
, cmd
);
219 if (!agent
->restart
&& gpg_err_source(rc
) == GPG_ERR_SOURCE_DEFAULT
220 && (gpg_err_code(rc
) == GPG_ERR_ASS_CONNECT_FAILED
221 || gpg_err_code(rc
) == GPG_ERR_EPIPE
)) {
222 unsetenv("GPG_AGENT_INFO");
224 rc
= launch_agent(agent
);
226 rc
= assuan_command(agent
, result
, len
, cmd
);
239 static void agent_disconnect(struct agent_s
*agent
)
245 assuan_release(agent
->ctx
);
250 void cleanup_agent(struct agent_s
*agent
)
256 xfree(agent
->display
);
257 xfree(agent
->ttyname
);
258 xfree(agent
->ttytype
);
259 xfree(agent
->lc_messages
);
260 xfree(agent
->lc_ctype
);
263 agent_disconnect(agent
);
268 gpg_error_t
agent_init(struct agent_s
**agent
)
270 struct agent_s
*new = xcalloc(1, sizeof(struct agent_s
));
273 return GPG_ERR_ENOMEM
;
279 void set_header_defaults(file_header_t
*hdr
)
281 char *s
= config_get_string(NULL
, "cipher");
282 int flags
= cipher_string_to_cipher(s
);
285 memset(hdr
, 0, sizeof(file_header_t
));
286 memcpy(hdr
->magic
, pwmd_magic
, sizeof(hdr
->magic
));
288 log_write(_("Invalid 'cipher' in configuration file. Using a default of aes256."));
289 hdr
->flags
= flags
== -1 ? PWMD_CIPHER_AES256
: flags
;
290 hdr
->version
= VERSION_HEX
;
293 gpg_error_t
read_data_header(const char *filename
, file_header_t
*rhdr
,
294 struct stat
*rst
, int *rfd
)
302 if (lstat(filename
, &st
) == -1)
303 return gpg_error_from_syserror();
305 if (!S_ISREG(st
.st_mode
))
306 return GPG_ERR_ENOANO
;
308 fd
= open(filename
, O_RDONLY
);
310 return gpg_error_from_syserror();
312 len
= read(fd
, &hdr
, sizeof(file_header_t
));
313 if (len
!= sizeof(file_header_t
))
314 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
316 if (!rc
&& memcmp(hdr
.magic
, pwmd_magic
, sizeof(hdr
.magic
)))
317 rc
= GPG_ERR_BAD_DATA
;
318 else if (hdr
.version
< 0x030000)
319 rc
= GPG_ERR_UNKNOWN_VERSION
;
337 gpg_error_t
read_data_file(const char *filename
, struct crypto_s
*crypto
)
345 cleanup_crypto_stage1(crypto
);
346 rc
= read_data_header(filename
, &crypto
->hdr
, &st
, &fd
);
350 crypto
->ciphertext_len
= crypto
->hdr
.datalen
;
351 crypto
->ciphertext
= xmalloc(crypto
->hdr
.datalen
);
352 if (!crypto
->ciphertext
) {
357 rlen
= read(fd
, crypto
->grip
, 20);
359 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
363 rlen
= read(fd
, crypto
->sign_grip
, 20);
365 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
369 len
= read(fd
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
370 if (len
!= crypto
->hdr
.datalen
) {
371 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
375 len
= st
.st_size
-sizeof(file_header_t
)-crypto
->hdr
.datalen
-40;
382 rlen
= read(fd
, buf
, len
);
384 rc
= rc
== -1 ? gpg_error_from_syserror() : GPG_ERR_BAD_DATA
;
388 rc
= gcry_sexp_new(&crypto
->ciphertext_sexp
, buf
, rlen
, 1);
392 if (crypto
->pkey_sexp
)
393 gcry_sexp_release(crypto
->pkey_sexp
);
395 if (crypto
->sigpkey_sexp
)
396 gcry_sexp_release(crypto
->sigpkey_sexp
);
398 crypto
->pkey_sexp
= crypto
->sigpkey_sexp
= NULL
;
399 rc
= get_pubkey_bin(crypto
, crypto
->grip
, &crypto
->pkey_sexp
);
401 rc
= get_pubkey_bin(crypto
, crypto
->sign_grip
, &crypto
->sigpkey_sexp
);
409 static gpg_error_t
inquire_cb(void * user
, const char *keyword
)
411 struct inquire_data_s
*idata
= user
;
413 if (!idata
->preset
&& (!strcmp(keyword
, "PASSPHRASE")
414 || !strcmp(keyword
, "NEW_PASSPHRASE"))) {
415 return agent_loopback_cb(idata
->crypto
, keyword
);
417 // SAVE --inquire-keyparam
418 else if (idata
->preset
&& !strcmp(keyword
, "KEYPARAM")) {
420 return agent_loopback_cb(idata
->crypto
, keyword
);
423 if (idata
->crypto
->agent
->inquire_maxlen
424 && idata
->len
> idata
->crypto
->agent
->inquire_maxlen
) {
425 log_write(_("Inquired data too large: have=%u, max=%u"), idata
->len
,
426 idata
->crypto
->agent
->inquire_maxlen
);
427 return GPG_ERR_TOO_LARGE
;
430 idata
->crypto
->agent
->inquire_maxlen
= 0;
431 return assuan_send_data(idata
->crypto
->agent
->ctx
, idata
->line
, idata
->len
);
434 static gpg_error_t
extract_key(struct crypto_s
*crypto
, unsigned char **result
,
438 gcry_sexp_t enc_sexp
= NULL
, tmp_sexp
;
439 struct inquire_data_s idata
= {0};
440 char *hexgrip
= NULL
;
442 size_t keylen
, keysize
;
444 int algo
= cipher_to_gcrypt(crypto
->hdr
.flags
);
447 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
451 tmp_sexp
= gcry_sexp_find_token(crypto
->ciphertext_sexp
, "enc-val", 0);
453 return GPG_ERR_BAD_DATA
;
455 hexgrip
= bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
461 rc
= cache_is_shadowed(hexgrip
);
462 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
465 shadowed
= !rc
? 1 : 0;
467 gcry_sexp_t tmp2_sexp
= gcry_sexp_cdr(tmp_sexp
);
468 gcry_sexp_release(tmp_sexp
);
469 tmp_sexp
= gcry_sexp_nth(tmp2_sexp
, 0);
470 gcry_sexp_release(tmp2_sexp
);
471 rc
= gcry_sexp_build(&enc_sexp
, NULL
, "(enc-val (flags pkcs1) %S)",
475 rc
= gcry_sexp_build(&enc_sexp
, NULL
, "%S", tmp_sexp
);
477 gcry_sexp_release(tmp_sexp
);
481 crypto
->agent
->inquire_cb
= inquire_cb
;
482 idata
.crypto
= crypto
;
483 idata
.len
= gcry_sexp_sprint(enc_sexp
, GCRYSEXP_FMT_CANON
, NULL
, 0);
484 idata
.line
= xmalloc(idata
.len
);
490 idata
.len
= gcry_sexp_sprint(enc_sexp
, GCRYSEXP_FMT_CANON
, idata
.line
,
492 crypto
->agent
->inquire_data
= &idata
;
493 gcry_sexp_release(enc_sexp
);
495 log_write1(_("Keygrip is %s, bits=%i"), hexgrip
,
496 gcry_pk_get_nbits(crypto
->pkey_sexp
));
497 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SETKEY %s", hexgrip
);
501 if (!crypto
->agent
->desc
) {
503 "A %s is required to unlock the secret key for the "
504 "encrypted data file \"%s\". Please enter the %s "
506 shadowed
? "PIN" : _("passphrase"), crypto
->filename
,
507 shadowed
? "PIN" : _("passphrase"));
510 tmp
= plus_escape(crypto
->agent
->desc
);
512 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SETKEYDESC %s", tmp
);
517 assuan_begin_confidential(crypto
->agent
->ctx
);
518 rc
= send_to_agent(crypto
->agent
, &key
, &keylen
, "PKDECRYPT");
519 assuan_end_confidential(crypto
->agent
->ctx
);
523 rc
= gcry_sexp_new(&tmp_sexp
, key
, keylen
, 1);
528 key
= (char *)gcry_sexp_nth_data(tmp_sexp
, 1, result_len
);
530 *result
= gcry_malloc(*result_len
);
534 memcpy(*result
, key
, *result_len
);
537 rc
= GPG_ERR_BAD_DATA
;
539 gcry_sexp_release(tmp_sexp
);
546 gcry_sexp_release(enc_sexp
);
551 static gpg_error_t
verify(gcry_sexp_t pkey
, gcry_sexp_t sig_sexp
,
552 const void * data
, size_t len
)
555 unsigned hashlen
= gcry_md_get_algo_dlen(GCRY_MD_SHA256
);
557 gcry_sexp_t data_sexp
;
559 hash
= gcry_malloc(hashlen
);
561 return GPG_ERR_ENOMEM
;
563 gcry_md_hash_buffer(GCRY_MD_SHA256
, hash
, data
, len
);
564 rc
= gcry_sexp_build(&data_sexp
, NULL
,
565 "(data (flags pkcs1) (hash sha256 %b))", hashlen
, hash
);
568 rc
= gcry_pk_verify(sig_sexp
, data_sexp
, pkey
);
569 gcry_sexp_release(data_sexp
);
575 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
578 * Useful for a large amount of data. Rather than doing all of the data in one
579 * iteration do it in chunks. This lets the command be cancelable rather than
580 * waiting for it to complete.
582 static gpg_error_t
iterate_crypto_once(gcry_cipher_hd_t h
, unsigned char *inbuf
,
583 size_t insize
, size_t blocksize
, status_msg_t which
)
586 off_t len
= CRYPTO_BLOCKSIZE(blocksize
);
587 void * p
= gcry_malloc(len
);
589 unsigned char *inbuf2
;
592 return GPG_ERR_ENOMEM
;
594 if (insize
< CRYPTO_BLOCKSIZE(blocksize
))
597 pthread_cleanup_push(gcry_free
, p
);
600 inbuf2
= inbuf
+total
;
603 if (len
+ total
> insize
)
606 if (which
== STATUS_ENCRYPT
)
607 rc
= gcry_cipher_encrypt(h
, p
, len
, inbuf2
, len
);
609 rc
= gcry_cipher_decrypt(h
, p
, len
, inbuf2
, len
);
615 memmove(tmp
, p
, len
);
620 #ifdef HAVE_PTHREAD_TESTCANCEL
621 pthread_testcancel();
625 pthread_cleanup_pop(1);
629 static void cleanup_cipher(void *arg
)
631 gcry_cipher_close((gcry_cipher_hd_t
)arg
);
634 gpg_error_t
decrypt_data(assuan_context_t ctx
, struct crypto_s
*crypto
)
637 unsigned char *key
= NULL
;
639 gcry_cipher_hd_t h
= NULL
;
640 size_t blocksize
, keysize
;
641 int algo
= cipher_to_gcrypt(crypto
->hdr
.flags
);
642 void * outbuf
= NULL
;
643 gcry_sexp_t sig_sexp
;
644 uint64_t n
= crypto
->hdr
.iterations
;
647 rc
= extract_key(crypto
, &key
, &keylen
);
651 sig_sexp
= gcry_sexp_find_token(crypto
->ciphertext_sexp
, "sig-val", 0);
654 return GPG_ERR_BAD_DATA
;
657 pthread_cleanup_push(gcry_free
, key
);
658 rc
= verify(crypto
->sigpkey_sexp
, sig_sexp
, crypto
->ciphertext
, crypto
->ciphertext_len
);
659 gcry_sexp_release(sig_sexp
);
662 rc
= gcry_cipher_open(&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
664 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
,
667 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_BLKLEN
, NULL
,
670 rc
= gcry_cipher_setiv(h
, crypto
->hdr
.iv
,
671 sizeof(crypto
->hdr
.iv
));
673 rc
= gcry_cipher_setkey(h
, key
, keylen
);
680 pthread_cleanup_push(cleanup_cipher
, rc
? NULL
: h
);
683 outbuf
= gcry_malloc(crypto
->hdr
.datalen
);
688 pthread_cleanup_push(gcry_free
, outbuf
);
691 memcpy(outbuf
, crypto
->ciphertext
, crypto
->hdr
.datalen
);
692 rc
= iterate_crypto_once(h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
696 rc
= gcry_cipher_setkey(h
, key
, keylen
);
701 progress
= config_get_long(NULL
, "cipher_progress");
703 progress
= strtol(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
706 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
707 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", 0,
708 crypto
->hdr
.iterations
);
710 for (n
= 0; !rc
&& n
< crypto
->hdr
.iterations
; n
++) {
711 if (ctx
&& !(n
%progress
)) {
712 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
713 crypto
->hdr
.iterations
);
718 rc
= gcry_cipher_setiv(h
, crypto
->hdr
.iv
, sizeof(crypto
->hdr
.iv
));
722 rc
= iterate_crypto_once(h
, outbuf
, crypto
->hdr
.datalen
, blocksize
,
726 if (!rc
&& ctx
&& crypto
->hdr
.iterations
)
727 rc
= send_status(ctx
, STATUS_DECRYPT
, "%llu %llu", n
,
728 crypto
->hdr
.iterations
);
730 pthread_cleanup_pop(rc
? 1 : 0); // outbuf
731 pthread_cleanup_pop(1); // cipher
732 pthread_cleanup_pop(1); // key
734 crypto
->plaintext
= outbuf
;
735 crypto
->plaintext_len
= crypto
->hdr
.datalen
;
741 gpg_error_t
decrypt_xml(struct crypto_s
*crypto
, const void * data
,
744 gcry_cipher_hd_t h
= NULL
;
747 rc
= gcry_cipher_open(&h
, GCRY_CIPHER_AES
, GCRY_CIPHER_MODE_CBC
, 0);
751 gcry_free(crypto
->plaintext
);
752 crypto
->plaintext
= gcry_malloc(len
);
753 if (!crypto
->plaintext
) {
758 rc
= gcry_cipher_setiv(h
, cache_iv
, cache_blocksize
);
762 rc
= gcry_cipher_setkey(h
, cache_key
, cache_keysize
);
766 rc
= gcry_cipher_decrypt(h
, crypto
->plaintext
, len
, data
, len
);
768 gcry_free(crypto
->plaintext
);
769 crypto
->plaintext
= NULL
;
772 crypto
->plaintext_len
= len
;
776 gcry_cipher_close(h
);
781 gpg_error_t
encrypt_xml(assuan_context_t ctx
, void * key
, size_t keylen
,
782 int algo
, const void * xml
, size_t len
, void * *result
, size_t
783 *result_len
, unsigned char **iv
, size_t *iv_len
, uint64_t iter
)
787 size_t blocksize
, keysize
;
792 unsigned char *tmpkey
= NULL
;
793 int free_iv
= *(iv_len
) == 0;
795 rc
= gcry_cipher_open(&h
, algo
, GCRY_CIPHER_MODE_CBC
, 0);
799 pthread_cleanup_push(cleanup_cipher
, h
);
800 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
802 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_BLKLEN
, NULL
, &blocksize
);
804 if (!rc
&& *(iv_len
) == 0) {
805 *(iv
) = xmalloc(blocksize
);
809 gcry_create_nonce(*(iv
), blocksize
);
812 pthread_cleanup_push(xfree
, *(iv_len
) == 0 ? *(iv
) : NULL
);
815 tmpkey
= gcry_malloc(keylen
);
820 pthread_cleanup_push(gcry_free
, tmpkey
);
823 memcpy(tmpkey
, key
, keylen
);
825 rc
= gcry_cipher_setkey(h
, tmpkey
, keylen
);
828 len
+= blocksize
-(len
%blocksize
);
833 inbuf
= gcry_malloc(len
);
838 pthread_cleanup_push(gcry_free
, inbuf
);
841 memset(inbuf
, 0, len
);
842 memcpy(inbuf
, xml
, olen
);
843 progress
= config_get_long(NULL
, "cipher_progress");
845 progress
= strtol(DEFAULT_ITERATION_PROGRESS
, NULL
, 10);
847 if (!rc
&& ctx
&& iter
)
848 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", 0, iter
);
850 for (n
= 0; !rc
&& n
< iter
; n
++) {
851 if (ctx
&& !(n
%progress
)) {
852 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
857 rc
= gcry_cipher_setiv(h
, *(iv
), blocksize
);
861 rc
= iterate_crypto_once(h
, inbuf
, len
, blocksize
, STATUS_ENCRYPT
);
865 if (!rc
&& ctx
&& iter
)
866 rc
= send_status(ctx
, STATUS_ENCRYPT
, "%llu %llu", n
, iter
);
869 /* Do at least one iteration. */
870 rc
= gcry_cipher_setiv(h
, *(iv
), blocksize
);
872 rc
= gcry_cipher_setkey(h
, key
, keylen
);
874 rc
= iterate_crypto_once(h
, inbuf
, len
, blocksize
,
879 pthread_cleanup_pop(rc
? 1 : 0); // inbuf
880 pthread_cleanup_pop(1); // tmpkey
881 pthread_cleanup_pop(rc
&& free_iv
? 1 : 0); // iv
882 pthread_cleanup_pop(1); // cipher
883 *result
= rc
? NULL
: inbuf
;
888 gpg_error_t
agent_loopback_cb(void * user
, const char *keyword
)
890 struct crypto_s
*crypto
= user
;
892 unsigned char *result
;
896 if (!strcmp(keyword
, "KEYPARAM")) {
898 rc
= assuan_inquire(crypto
->client_ctx
, keyword
, &result
, &len
, 0);
900 else { // PASSPHRASE or NEW_PASSPHRASE
901 assuan_begin_confidential(crypto
->client_ctx
);
902 rc
= assuan_inquire(crypto
->client_ctx
, keyword
, &result
, &len
, 0);
903 assuan_end_confidential(crypto
->client_ctx
);
907 if (keyparam
&& !len
) {
908 char *tmp
= default_key_params(crypto
);
911 return gpg_error(GPG_ERR_ENOMEM
);
914 result
= xmalloc(len
);
915 memcpy(result
, tmp
, len
);
919 pthread_cleanup_push(xfree
, result
);
922 rc
= assuan_send_data(crypto
->agent
->ctx
, result
, len
);
924 assuan_begin_confidential(crypto
->agent
->ctx
);
925 rc
= assuan_send_data(crypto
->agent
->ctx
, result
, len
);
926 assuan_end_confidential(crypto
->agent
->ctx
);
929 pthread_cleanup_pop(1);
931 else if (gpg_err_code(rc
) == GPG_ERR_ASS_CANCELED
) {
932 gpg_error_t arc
= assuan_write_line(crypto
->agent
->ctx
, "CAN");
938 arc
= assuan_read_line(crypto
->agent
->ctx
, &line
, &len
);
949 static gpg_error_t
sign(gcry_sexp_t
*rsexp
, const char *sign_hexgrip
,
950 struct crypto_s
*crypto
, const void * data
, size_t len
)
954 char *tmp
= sign_hexgrip
? str_dup(sign_hexgrip
)
955 : bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
957 pthread_cleanup_push(xfree
, tmp
);
958 log_write1(_("Signed with keygrip %s"), tmp
);
959 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "SIGKEY %s", tmp
);
960 pthread_cleanup_pop(1);
963 unsigned hashlen
= gcry_md_get_algo_dlen(GCRY_MD_SHA256
);
965 hash
= gcry_malloc(hashlen
);
967 return GPG_ERR_ENOMEM
;
969 gcry_md_hash_buffer(GCRY_MD_SHA256
, hash
, data
, len
);
970 tmp
= bin2hex(hash
, hashlen
);
972 pthread_cleanup_push(xfree
, tmp
);
973 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
974 "SETHASH --hash=sha256 %s", tmp
);
975 pthread_cleanup_pop(1);
979 struct inquire_data_s idata
= {0};
981 idata
.crypto
= crypto
;
982 crypto
->agent
->inquire_data
= &idata
;
983 crypto
->agent
->inquire_cb
= inquire_cb
;
984 rc
= send_to_agent(crypto
->agent
, &result
, &len
, "PKSIGN");
986 rc
= gcry_sexp_sscan(rsexp
, NULL
, result
, len
);
995 static void cleanup_acl(void *arg
)
997 acl_t acl
= *(acl_t
*)arg
;
1004 static gpg_error_t
write_file(struct crypto_s
*crypto
, const char *filename
,
1005 void * data
, size_t data_len
, void * sexp
, size_t sexp_len
,
1006 gcry_sexp_t pubkey
, gcry_sexp_t sigpkey
)
1008 char tmp
[FILENAME_MAX
] = { 0 };
1019 if (lstat(filename
, &st
) == 0) {
1020 mode
= st
.st_mode
& (S_IRWXU
|S_IRWXG
|S_IRWXO
);
1022 if (!(mode
& S_IWUSR
))
1023 return GPG_ERR_EACCES
;
1025 else if (errno
!= ENOENT
)
1026 return gpg_error_from_syserror();
1028 snprintf(tmp
, sizeof(tmp
), "%s.XXXXXX", filename
);
1031 rc
= gpg_error_from_syserror();
1032 log_write("%s: %s", tmp
, pwmd_strerror(rc
));
1037 // xml_import() or convert_file() from command line.
1041 pthread_cleanup_push(cleanup_unlink_cb
, tmp
);
1042 crypto
->save
.hdr
.version
= VERSION_HEX
;
1043 len
= write(fd
, &crypto
->save
.hdr
, sizeof(file_header_t
));
1044 if (len
== sizeof(file_header_t
)) {
1045 unsigned char grip
[20];
1047 gcry_pk_get_keygrip(pubkey
, grip
);
1048 len
= write(fd
, grip
, sizeof(grip
));
1049 if (len
== sizeof(grip
)) {
1050 gcry_pk_get_keygrip(sigpkey
, grip
);
1051 len
= write(fd
, grip
, sizeof(grip
));
1052 if (len
== sizeof(grip
)) {
1053 len
= write(fd
, data
, data_len
);
1054 if (len
== data_len
) {
1055 len
= write(fd
, sexp
, sexp_len
);
1056 if (len
!= sexp_len
)
1057 rc
= gpg_error_from_syserror();
1060 rc
= gpg_error_from_syserror();
1064 rc
= gpg_error_from_syserror();
1067 rc
= gpg_error_from_syserror();
1070 pthread_cleanup_push(cleanup_acl
, &acl
);
1073 if (fsync(fd
) != -1) {
1074 if (filename
&& close(fd
) != -1) {
1076 acl
= acl_get_file(filename
, ACL_TYPE_ACCESS
);
1077 if (!acl
&& errno
== ENOENT
)
1078 acl
= acl_get_file(".", ACL_TYPE_DEFAULT
);
1080 log_write("ACL: %s: %s", filename
,
1081 pwmd_strerror(gpg_error_from_syserror()));
1084 if (mode
&& config_get_boolean(filename
, "backup")) {
1085 char tmp2
[FILENAME_MAX
];
1087 snprintf(tmp2
, sizeof(tmp2
), "%s.backup", filename
);
1088 if (rename(filename
, tmp2
) == -1)
1089 rc
= gpg_error_from_syserror();
1093 rc
= gpg_error_from_syserror();
1096 rc
= gpg_error_from_syserror();
1100 if (filename
&& rename(tmp
, filename
) != -1) {
1102 if (filename
&& mode
)
1103 chmod(filename
, mode
);
1106 if (acl
&& acl_set_file(filename
, ACL_TYPE_ACCESS
, acl
))
1107 log_write("ACL: %s: %s", filename
,
1108 pwmd_strerror(gpg_error_from_syserror()));
1112 rc
= gpg_error_from_syserror();
1116 pthread_cleanup_pop(1);
1118 pthread_cleanup_pop(rc
? 1 : 0); // unlink
1122 gpg_error_t
encrypt_data_file(assuan_context_t ctx
, struct crypto_s
*crypto
,
1123 gcry_sexp_t pubkey
, gcry_sexp_t sigpkey
, const char *filename
, const
1124 void * xml
, size_t len
)
1128 size_t data_len
= 0;
1129 void * enc_xml
= NULL
;
1130 size_t enc_xml_len
= 0;
1131 unsigned char *iv
= NULL
;
1133 int algo
= cipher_to_gcrypt(crypto
->save
.hdr
.flags
);
1136 unsigned char sig_grip
[20];
1137 unsigned char grip
[20];
1139 rc
= gcry_cipher_algo_info(algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
1143 pthread_cleanup_push(gcry_free
, key
);
1144 key
= gcry_random_bytes_secure(keysize
, GCRY_STRONG_RANDOM
);
1145 #ifdef HAVE_PTHREAD_TESTCANCEL
1146 pthread_testcancel(); // may have been a long operation
1148 pthread_cleanup_pop(0);
1150 return GPG_ERR_ENOMEM
;
1152 gcry_pk_get_keygrip(pubkey
, grip
);
1153 gcry_pk_get_keygrip(sigpkey
, sig_grip
);
1154 pthread_cleanup_push(xfree
, iv
);
1155 pthread_cleanup_push(gcry_free
, key
);
1156 rc
= encrypt_xml(ctx
, key
, keysize
, algo
, xml
, len
, &enc_xml
, &enc_xml_len
,
1157 &iv
, &iv_len
, crypto
->save
.hdr
.iterations
);
1159 gcry_sexp_t sig_sexp
= NULL
;
1160 char *hexgrip
= bin2hex(grip
, 20);
1162 log_write1(_("Encrypted with keygrip %s"), hexgrip
);
1164 hexgrip
= bin2hex(sig_grip
, 20);
1165 pthread_cleanup_push(gcry_free
, enc_xml
);
1166 rc
= sign(&sig_sexp
, hexgrip
, crypto
, enc_xml
, enc_xml_len
);
1170 rc
= verify(sigpkey
, sig_sexp
, enc_xml
, enc_xml_len
);
1173 gcry_sexp_t tmp_sexp
;
1175 rc
= gcry_sexp_build(&tmp_sexp
, NULL
,
1176 "(data (flags pkcs1) (value %b))", keysize
, key
);
1178 gcry_sexp_t key_sexp
;
1180 pthread_cleanup_push((void (*)(void*))gcry_sexp_release
,
1182 rc
= gcry_pk_encrypt(&key_sexp
, tmp_sexp
, pubkey
);
1183 pthread_cleanup_pop(0);
1184 gcry_sexp_release(tmp_sexp
);
1187 memcpy(crypto
->save
.hdr
.iv
, iv
, iv_len
);
1188 crypto
->save
.hdr
.datalen
= enc_xml_len
;
1189 rc
= gcry_sexp_build(&tmp_sexp
, NULL
, "%S%S", key_sexp
,
1191 gcry_sexp_release(key_sexp
);
1194 data_len
= gcry_sexp_sprint(tmp_sexp
,
1195 GCRYSEXP_FMT_CANON
, NULL
, 0);
1196 data
= xmalloc(data_len
);
1198 gcry_sexp_sprint(tmp_sexp
, GCRYSEXP_FMT_CANON
,
1201 rc
= GPG_ERR_ENOMEM
;
1203 gcry_sexp_release(tmp_sexp
);
1210 pthread_cleanup_pop(0); // enc_xml
1213 gcry_sexp_release(sig_sexp
);
1216 pthread_cleanup_pop(1); // key
1217 pthread_cleanup_pop(1); // iv
1220 pthread_cleanup_push(gcry_free
, enc_xml
);
1221 rc
= write_file(crypto
, filename
, enc_xml
, enc_xml_len
, data
, data_len
,
1223 pthread_cleanup_pop(1); // enc_xml
1225 memcpy(&crypto
->hdr
, &crypto
->save
.hdr
, sizeof(file_header_t
));
1232 void cleanup_save(struct save_s
*save
)
1238 gcry_sexp_release(save
->pkey
);
1241 gcry_sexp_release(save
->sigpkey
);
1243 memset(save
, 0, sizeof(struct save_s
));
1246 /* Keep the agent ctx to retain pinentry options which will be freed in
1247 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
1248 void cleanup_crypto_stage1(struct crypto_s
*cr
)
1253 cleanup_save(&cr
->save
);
1255 if (cr
->ciphertext_sexp
)
1256 gcry_sexp_release(cr
->ciphertext_sexp
);
1259 gcry_free(cr
->plaintext
);
1261 xfree(cr
->ciphertext
);
1262 xfree(cr
->filename
);
1263 cr
->filename
= NULL
;
1264 cr
->ciphertext_sexp
= NULL
;
1265 cr
->ciphertext
= NULL
;
1266 cr
->ciphertext_len
= 0;
1267 cr
->plaintext
= NULL
;
1268 cr
->plaintext_len
= 0;
1271 void cleanup_crypto_stage2(struct crypto_s
*cr
)
1276 cleanup_crypto_stage1(cr
);
1277 set_header_defaults(&cr
->hdr
);
1280 void cleanup_crypto(struct crypto_s
**c
)
1282 struct crypto_s
*cr
= *c
;
1287 cleanup_crypto_stage2(cr
);
1290 gcry_sexp_release(cr
->pkey_sexp
);
1292 if (cr
->sigpkey_sexp
)
1293 gcry_sexp_release(cr
->sigpkey_sexp
);
1296 cleanup_agent(cr
->agent
);
1302 gpg_error_t
init_client_crypto(struct crypto_s
**crypto
)
1304 struct crypto_s
*new = xcalloc(1, sizeof(struct crypto_s
));
1308 log_write("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror(GPG_ERR_ENOMEM
));
1309 return GPG_ERR_ENOMEM
;
1312 rc
= agent_init(&new->agent
);
1314 rc
= send_agent_common_options(new->agent
);
1316 rc
= set_pinentry_options(new->agent
);
1324 set_header_defaults(&new->hdr
);
1329 gpg_error_t
generate_key(struct crypto_s
*crypto
, char *sexpstr
,
1330 int empty
, int preset
)
1336 if (crypto
->save
.s2k_count
) {
1337 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1338 "OPTION s2k-count=%lu", crypto
->save
.s2k_count
);
1343 if (!crypto
->agent
->inquire_cb
)
1344 crypto
->agent
->inquire_cb
= inquire_cb
;
1346 rc
= send_to_agent(crypto
->agent
, &pkey
, &plen
, "GENKEY %s%s",
1347 preset
? "--preset " : "",
1348 empty
? "--no-protection" : "");
1352 if (crypto
->save
.pkey
)
1353 gcry_sexp_release(crypto
->save
.pkey
);
1355 crypto
->save
.pkey
= NULL
;
1356 rc
= gcry_sexp_new(&crypto
->save
.pkey
, pkey
, plen
, 1);
1358 unsigned char grip
[20];
1360 gcry_pk_get_keygrip(crypto
->save
.pkey
, grip
);
1361 char *hexgrip
= bin2hex(grip
, sizeof(grip
));
1362 log_write1(_("Keygrip is %s"), hexgrip
);
1365 if (!crypto
->save
.sigpkey
) {
1366 gcry_sexp_build((gcry_sexp_t
*)&crypto
->save
.sigpkey
, NULL
, "%S",
1375 gpg_error_t
set_agent_option(struct agent_s
*agent
, const char *name
,
1378 return send_to_agent(agent
, NULL
, NULL
, "OPTION %s=%s", name
, value
);
1381 gpg_error_t
set_agent_passphrase(struct crypto_s
*crypto
, const char *key
,
1385 struct inquire_data_s idata
;
1389 /* This is for use with key files or passphrases obtained from an inquire.
1390 * gpg-agent uses strings as passphrases and will truncate the passphrase
1391 * at the first encountered null byte. It's only a warning because the
1392 * passphrase may belong to a key shared outside of pwmd. */
1393 for (i
= 0; i
< len
; i
++) {
1395 log_write(_("WARNING: keylen=%i, truncated to %i."), len
, i
);
1400 hexgrip
= bin2hex(crypto
->grip
, 20);
1401 crypto
->agent
->inquire_cb
= inquire_cb
;
1402 crypto
->agent
->inquire_data
= &idata
;
1403 idata
.crypto
= crypto
;
1404 idata
.line
= (char *)key
,
1407 assuan_begin_confidential(crypto
->agent
->ctx
);
1408 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1409 "PRESET_PASSPHRASE --inquire %s -1", hexgrip
);
1410 assuan_end_confidential(crypto
->agent
->ctx
);
1416 gpg_error_t
set_pinentry_mode(struct agent_s
*agent
, const char *mode
)
1418 return set_agent_option(agent
, "pinentry-mode", mode
);
1421 gpg_error_t
get_pubkey_bin(struct crypto_s
*crypto
, const unsigned char *grip
,
1422 gcry_sexp_t
*result
)
1424 char *hexgrip
= bin2hex(grip
, 20);
1428 return GPG_ERR_ENOMEM
;
1430 rc
= get_pubkey(crypto
, hexgrip
, result
);
1435 gpg_error_t
get_pubkey(struct crypto_s
*crypto
, const char *grip
,
1436 gcry_sexp_t
*result
)
1442 rc
= send_to_agent(crypto
->agent
, &pkey
, &plen
, "READKEY %s", grip
);
1444 rc
= gcry_sexp_new(result
, pkey
, plen
, 1);
1450 gpg_error_t
set_pinentry_options(struct agent_s
*agent
)
1454 if (getenv("DISPLAY")) {
1455 rc
= set_agent_option(agent
, "display", getenv("DISPLAY"));
1457 xfree(agent
->display
);
1458 agent
->display
= str_dup(getenv("DISPLAY"));
1461 else if (ttyname(STDOUT_FILENO
)) {
1462 rc
= set_agent_option(agent
, "ttyname", ttyname(STDOUT_FILENO
));
1464 rc
= set_agent_option(agent
, "ttytype", getenv("TERM"));
1466 xfree(agent
->ttyname
);
1467 xfree(agent
->ttytype
);
1468 agent
->ttyname
= str_dup(ttyname(STDOUT_FILENO
));
1469 agent
->ttytype
= str_dup(getenv("TERM"));
1477 static gpg_error_t
inquire_keyfile(void * user
, const char *keyword
)
1479 struct crypto_s
*crypto
= user
;
1480 char *filename
= crypto
->agent
->inquire_data2
;
1481 char *params
= crypto
->agent
->inquire_data3
;
1488 if (!strcmp(keyword
, "KEYPARAM"))
1489 return assuan_send_data(crypto
->agent
->ctx
, params
, strlen(params
));
1491 // This function is only used when generating a new keypair.
1492 if (strcmp(keyword
, "NEW_PASSPHRASE"))
1493 return gpg_error(GPG_ERR_ASS_UNKNOWN_INQUIRE
);
1495 if (stat(filename
, &st
) == -1)
1496 return gpg_error_from_syserror();
1498 if (crypto
->agent
->inquire_maxlen
1499 && st
.st_size
> crypto
->agent
->inquire_maxlen
) {
1500 log_write(_("The passphrase is too large: have=%u, max=%u."),
1501 (unsigned)st
.st_size
, crypto
->agent
->inquire_maxlen
);
1502 return GPG_ERR_TOO_LARGE
;
1505 buf
= gcry_malloc_secure(st
.st_size
);
1507 return GPG_ERR_ENOMEM
;
1509 fd
= open(filename
, O_RDONLY
);
1511 rc
= gpg_error_from_syserror();
1513 len
= read(fd
, buf
, st
.st_size
);
1514 if (len
== st
.st_size
) {
1515 assuan_begin_confidential(crypto
->agent
->ctx
);
1516 rc
= assuan_send_data(crypto
->agent
->ctx
, buf
, len
);
1517 assuan_end_confidential(crypto
->agent
->ctx
);
1520 rc
= gpg_error_from_syserror();
1522 rc
= GPG_ERR_BUFFER_TOO_SHORT
;
1530 gpg_error_t
export_common(struct crypto_s
*crypto
, const char *hexgrip
,
1531 const char *sign_hexgrip
, int no_passphrase
,
1532 const void * data
, size_t datalen
, const char *outfile
,
1533 const char *keyparams
, const char *keyfile
)
1537 if (!sign_hexgrip
&& hexgrip
)
1538 sign_hexgrip
= hexgrip
;
1541 if (crypto
->sigpkey_sexp
)
1542 gcry_sexp_release(crypto
->sigpkey_sexp
);
1544 crypto
->sigpkey_sexp
= NULL
;
1545 rc
= get_pubkey(crypto
, sign_hexgrip
, &crypto
->save
.sigpkey
);
1549 gcry_pk_get_keygrip(crypto
->save
.sigpkey
, crypto
->sign_grip
);
1553 rc
= get_pubkey(crypto
, hexgrip
, &crypto
->save
.pkey
);
1555 gcry_pk_get_keygrip(crypto
->save
.pkey
, crypto
->grip
);
1558 struct inquire_data_s idata
= {0};
1559 char *params
= keyparams
? str_dup(keyparams
)
1560 : default_key_params(crypto
);
1562 pthread_cleanup_push(xfree
, params
);
1563 log_write(_("Generating a new keypair ..."));
1565 log_write(_("Using passphrase obtained from file '%s'"), keyfile
);
1566 rc
= set_pinentry_mode(crypto
->agent
, "loopback");
1567 crypto
->agent
->inquire_cb
= inquire_keyfile
;
1568 crypto
->agent
->inquire_data
= crypto
;
1569 crypto
->agent
->inquire_data2
= (char *)keyfile
;
1570 crypto
->agent
->inquire_data3
= params
;
1573 idata
.line
= params
;
1574 idata
.len
= strlen(params
);
1575 idata
.crypto
= crypto
;
1576 crypto
->agent
->inquire_cb
= inquire_cb
;
1577 crypto
->agent
->inquire_data
= &idata
;
1581 rc
= generate_key(crypto
, params
, no_passphrase
, 1);
1582 gcry_pk_get_keygrip(crypto
->save
.pkey
, crypto
->grip
);
1585 (void)set_pinentry_mode(crypto
->agent
, "ask");
1586 pthread_cleanup_pop(1);
1590 rc
= encrypt_data_file(NULL
, crypto
, crypto
->save
.pkey
,
1591 crypto
->save
.sigpkey
, outfile
, data
, datalen
);
1593 char *tmp
= bin2hex(crypto
->grip
, sizeof(crypto
->grip
));
1595 log_write(_("Success! Keygrip is %s."), tmp
);
1596 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
,
1597 "CLEAR_PASSPHRASE --mode=normal %s", tmp
);
1601 tmp
= bin2hex(crypto
->sign_grip
, sizeof(crypto
->sign_grip
));
1602 log_write(_("Signed with keygrip %s."), tmp
);
1611 char *default_key_params(struct crypto_s
*crypto
)
1613 int len
= config_get_integer(NULL
, "nbits");
1615 char *algo
= config_get_string(NULL
, "algo");
1618 snprintf(buf
, sizeof(buf
), "%i", len
);
1619 result
= str_asprintf("(genkey (%s (nbits %lu:%i)))", algo
, strlen(buf
),
1625 gpg_error_t
agent_passwd(struct crypto_s
*crypto
)
1627 struct inquire_data_s idata
= {0};
1629 char *tmp
= bin2hex(crypto
->grip
, 20);
1631 idata
.crypto
= crypto
;
1632 crypto
->agent
->inquire_cb
= inquire_cb
;
1633 crypto
->agent
->inquire_data
= &idata
;
1634 rc
= send_to_agent(crypto
->agent
, NULL
, NULL
, "PASSWD --preset %s", tmp
);
1639 gpg_error_t
kill_scd(struct agent_s
*agent
)
1643 if (config_get_boolean(NULL
, "kill_scd")) {
1644 rc
= send_to_agent(agent
, NULL
, NULL
, "SCD KILLSCD");
1645 if (rc
&& gpg_err_code(rc
) != GPG_ERR_NO_SCDAEMON
)
1646 log_write("%s: %s", __FUNCTION__
, pwmd_strerror(rc
));