search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Set the TLS audit log callback.
[pwmd.git] / src / crypto.c
blob4bf70226ae28727101ad3ba2302aacc8ba68c395
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
4
5 This file is part of pwmd.
6
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
11
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <fcntl.h>
28 #include <errno.h>
29 #include <netinet/in.h>
30 #include <arpa/inet.h>
31
32 #include "pwmd-error.h"
33 #include "util-misc.h"
34 #include "common.h"
35 #include "rcfile.h"
36 #include "pinentry.h"
37 #include "crypto.h"
38 #include "cache.h"
39 #include "mem.h"
40 #include "util-string.h"
41
42 static uint8_t pwmd_magic[5] = { '\177', 'P', 'W', 'M', 'D' };
43
44 /* Sets the default cipher values for new files. */
45 static void
46 set_header_defaults (file_header_t * hdr)
47 {
48 char *s = config_get_string (NULL, "cipher");
49 int flags = cipher_string_to_cipher (s);
50
51 xfree (s);
52 memset (hdr, 0, sizeof (file_header_t));
53 memcpy (hdr->magic, pwmd_magic, sizeof (hdr->magic));
54 if (flags == -1)
55 log_write (_
56 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
57 hdr->flags = flags == -1 ? PWMD_CIPHER_AES256 : flags;
58 hdr->version = VERSION_HEX;
59
60 #ifdef WITH_AGENT
61 if (use_agent)
62 hdr->flags |= PWMD_FLAG_PKI;
63 #endif
64 }
65
66 static gpg_error_t
67 read_header (file_header_t *hdr, int fd)
68 {
69 ssize_t len;
70 uint32_t i;
71 uint64_t n;
72
73 #ifdef WORDS_BIGENDIAN
74 len = read (fd, &hdr->magic, sizeof(hdr->magic));
75 if (len == -1)
76 goto done;
77
78 len = read (fd, &hdr->version, sizeof(hdr->version));
79 if (len == -1)
80 goto done;
81
82 len = read (fd, &hdr->s2k_count, sizeof(hdr->s2k_count));
83 if (len == -1)
84 goto done;
85
86 len = read (fd, &hdr->flags, sizeof(hdr->flags));
87 if (len == -1)
88 goto done;
89
90 len = read (fd, &hdr->iv, sizeof(hdr->iv));
91 if (len == -1)
92 goto done;
93
94 len = read (fd, &hdr->salt, sizeof(hdr->salt));
95 if (len == -1)
96 goto done;
97
98 len = read (fd, &hdr->datalen, sizeof(hdr->datalen));
99 if (len == -1)
100 goto done;
101 #else
102 len = read (fd, &hdr->magic, sizeof(hdr->magic));
103 if (len == -1)
104 goto done;
105
106 len = read (fd, &i, sizeof(hdr->version));
107 if (len == -1)
108 goto done;
109 hdr->version = ntohl (i);
110
111 len = read (fd, &n, sizeof(hdr->s2k_count));
112 if (len == -1)
113 goto done;
114 hdr->s2k_count = (((uint64_t) ntohl (n)) << 32) + ntohl (n >> 32);
115
116 len = read (fd, &n, sizeof(hdr->flags));
117 if (len == -1)
118 goto done;
119 hdr->flags = (((uint64_t) ntohl (n)) << 32) + ntohl (n >> 32);
120
121 len = read (fd, &hdr->iv, sizeof(hdr->iv));
122 if (len == -1)
123 goto done;
124
125 len = read (fd, &hdr->salt, sizeof(hdr->salt));
126 if (len == -1)
127 goto done;
128
129 len = read (fd, &i, sizeof(hdr->datalen));
130 if (len == -1)
131 goto done;
132 hdr->datalen = ntohl (i);
133 #endif
134
135 done:
136 return len == -1 ? gpg_error_from_errno (errno) : 0;
137 }
138
139 /* Read the header of a data file to determine cipher and other. The
140 * header is stored big endian in the file and is converted to little
141 * endian when needed. */
142 gpg_error_t
143 read_data_header (const char *filename, file_header_t * rhdr,
144 struct stat *rst, int *rfd)
145 {
146 gpg_error_t rc = 0;
147 struct stat st;
148 file_header_t hdr;
149 int fd;
150
151 if (lstat (filename, &st) == -1)
152 return gpg_error_from_errno (errno);
153
154 if (!S_ISREG (st.st_mode))
155 return gpg_error (GPG_ERR_ENOANO);
156
157 fd = open (filename, O_RDONLY);
158 if (fd == -1)
159 return gpg_error_from_errno (errno);
160
161 rc = read_header (&hdr, fd);
162 if (!rc && memcmp (hdr.magic, pwmd_magic, sizeof (hdr.magic)))
163 rc = GPG_ERR_BAD_DATA;
164 else if (!rc && hdr.version < 0x030000)
165 rc = GPG_ERR_UNKNOWN_VERSION;
166
167 if (rc)
168 close (fd);
169 else
170 {
171 if (rhdr)
172 *rhdr = hdr;
173 if (rst)
174 *rst = st;
175 if (rfd)
176 *rfd = fd;
177 else
178 close (fd);
179 }
180
181 return gpg_error (rc);
182 }
183
184 gpg_error_t
185 read_data_file (const char *filename, struct crypto_s * crypto)
186 {
187 int fd;
188 gpg_error_t rc = 0;
189 size_t len, rlen;
190 char *buf = NULL;
191 struct stat st;
192
193 if (!filename)
194 return GPG_ERR_INV_PARAMETER;
195
196 cleanup_crypto_stage1 (crypto);
197 rc = read_data_header (filename, &crypto->hdr, &st, &fd);
198 if (rc)
199 return gpg_error (rc);
200
201 crypto->ciphertext_len = crypto->hdr.datalen;
202 crypto->ciphertext = xmalloc (crypto->hdr.datalen);
203 if (!crypto->ciphertext)
204 {
205 rc = GPG_ERR_ENOMEM;
206 goto done;
207 }
208
209 /* The keygrips for PKI files are stored after the header. They are
210 * stored in the file to let file(1) magic(5) show the grips. */
211 if (crypto->hdr.flags & PWMD_FLAG_PKI)
212 {
213 rlen = read (fd, crypto->grip, 20);
214 if (rlen != 20)
215 {
216 rc = rlen == -1 ? gpg_error_from_errno (errno) : GPG_ERR_BAD_DATA;
217 goto done;
218 }
219
220 rlen = read (fd, crypto->sign_grip, 20);
221 if (rlen != 20)
222 {
223 rc = rlen == -1 ? gpg_error_from_errno (errno) : GPG_ERR_BAD_DATA;
224 goto done;
225 }
226 }
227
228 len = read (fd, crypto->ciphertext, crypto->hdr.datalen);
229 if (len != crypto->hdr.datalen)
230 {
231 rc = len == -1 ? gpg_error_from_errno (errno) : GPG_ERR_BAD_DATA;
232 goto done;
233 }
234
235 if (!(crypto->hdr.flags & PWMD_FLAG_PKI))
236 goto done;
237
238 if (!use_agent)
239 {
240 rc = GPG_ERR_NOT_IMPLEMENTED;
241 goto done;
242 }
243
244 #ifdef WITH_AGENT
245 len = st.st_size - sizeof (file_header_t) - crypto->hdr.datalen - 40;
246 buf = xmalloc (len);
247 if (!buf)
248 {
249 rc = GPG_ERR_ENOMEM;
250 goto done;
251 }
252
253 /* Remaining data file bytes are the encrypted key and XML. */
254 rlen = read (fd, buf, len);
255 if (rlen != len)
256 {
257 rc = rlen == -1 ? gpg_error_from_errno (errno) : GPG_ERR_BAD_DATA;
258 goto done;
259 }
260
261 rc = gcry_sexp_new (&crypto->ciphertext_sexp, buf, rlen, 1);
262 if (rc)
263 goto done;
264
265 if (crypto->pkey_sexp)
266 gcry_sexp_release (crypto->pkey_sexp);
267
268 if (crypto->sigpkey_sexp)
269 gcry_sexp_release (crypto->sigpkey_sexp);
270
271 crypto->pkey_sexp = crypto->sigpkey_sexp = NULL;
272 rc = get_pubkey_bin (crypto, crypto->grip, &crypto->pkey_sexp);
273 if (!rc)
274 rc = get_pubkey_bin (crypto, crypto->sign_grip, &crypto->sigpkey_sexp);
275 #endif
276
277 done:
278 close (fd);
279 xfree (buf);
280 if (rc && gpg_err_source (rc) == GPG_ERR_SOURCE_UNKNOWN)
281 rc = gpg_error (rc);
282
283 return rc;
284 }
285
286 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
287
288 /*
289 * Useful for a large amount of data. Rather than doing all of the data in one
290 * iteration do it in chunks. This lets the command be cancelable rather than
291 * waiting for it to complete.
292 */
293 static gpg_error_t
294 iterate_crypto_once (gcry_cipher_hd_t h, unsigned char *inbuf,
295 size_t insize, size_t blocksize, status_msg_t which)
296 {
297 gpg_error_t rc = 0;
298 off_t len = CRYPTO_BLOCKSIZE (blocksize);
299 void *p = gcry_malloc (len);
300 off_t total = 0;
301
302 if (!p)
303 return gpg_error (GPG_ERR_ENOMEM);
304
305 if (insize < CRYPTO_BLOCKSIZE (blocksize))
306 len = insize;
307
308 pthread_cleanup_push (gcry_free, p);
309
310 for (;;)
311 {
312 unsigned char *inbuf2 = inbuf + total;
313 unsigned char *tmp;
314
315 if (len + total > insize)
316 len = blocksize;
317
318 if (which == STATUS_ENCRYPT)
319 rc = gcry_cipher_encrypt (h, p, len, inbuf2, len);
320 else
321 rc = gcry_cipher_decrypt (h, p, len, inbuf2, len);
322
323 if (rc)
324 break;
325
326 tmp = inbuf + total;
327 memmove (tmp, p, len);
328 total += len;
329 if (total >= insize)
330 break;
331
332 #ifdef HAVE_PTHREAD_TESTCANCEL
333 pthread_testcancel ();
334 #endif
335 }
336
337 pthread_cleanup_pop (1);
338 if (rc && gpg_err_source (rc) == GPG_ERR_SOURCE_UNKNOWN)
339 rc = gpg_error (rc);
340
341 return rc;
342 }
343
344 static void
345 cleanup_cipher (void *arg)
346 {
347 gcry_cipher_close ((gcry_cipher_hd_t) arg);
348 }
349
350 /* Decrypt the XML data. For PKI data files the key is retrieved from
351 * gpg-agent and the signature verified. */
352 gpg_error_t
353 decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
354 unsigned char *salted_key, size_t skeylen)
355 {
356 gpg_error_t rc = 0;
357 unsigned char *key = salted_key;
358 gcry_cipher_hd_t h = NULL;
359 size_t blocksize, keysize = 0;
360 int algo = cipher_to_gcrypt (crypto->hdr.flags);
361 void *outbuf = NULL;
362 uint64_t n = crypto->hdr.s2k_count;
363 long progress = 0;
364 #ifdef WITH_AGENT
365 size_t keylen = skeylen;
366 gcry_sexp_t sig_sexp;
367
368 if (crypto->hdr.flags & PWMD_FLAG_PKI)
369 {
370 rc = agent_extract_key (crypto, &key, &keylen);
371 if (rc)
372 return rc;
373
374 sig_sexp = gcry_sexp_find_token (crypto->ciphertext_sexp, "sig-val", 0);
375 if (!sig_sexp)
376 {
377 gcry_free (key);
378 return GPG_ERR_BAD_DATA;
379 }
380
381 rc = agent_verify (crypto->sigpkey_sexp, sig_sexp, crypto->ciphertext,
382 crypto->ciphertext_len);
383 gcry_sexp_release (sig_sexp);
384 }
385 #endif
386
387 if (!rc)
388 {
389 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
390 if (!rc)
391 {
392 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL,
393 &keysize);
394 if (!rc)
395 {
396 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL,
397 &blocksize);
398 if (!rc)
399 {
400 rc = gcry_cipher_setiv (h, crypto->hdr.iv, blocksize);
401 if (!rc)
402 {
403 rc = gcry_cipher_setkey (h, key, keysize);
404 }
405 }
406 }
407 }
408 }
409
410 pthread_cleanup_push (cleanup_cipher, rc ? NULL : h);
411
412 if (!rc)
413 {
414 outbuf = gcry_malloc (crypto->hdr.datalen);
415 if (!outbuf)
416 rc = GPG_ERR_ENOMEM;
417 }
418
419 pthread_cleanup_push (gcry_free, outbuf);
420 #ifdef WITH_AGENT
421 pthread_cleanup_push (gcry_free, key);
422 #endif
423
424 if (!rc)
425 {
426 if (!key)
427 rc = GPG_ERR_INV_PARAMETER;
428 else
429 {
430 memcpy (outbuf, crypto->ciphertext, crypto->hdr.datalen);
431 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
432 STATUS_DECRYPT);
433 }
434
435 if (!rc && crypto->hdr.version <= 0x03000e)
436 {
437 key[0] ^= 1;
438 rc = gcry_cipher_setkey (h, key, keysize);
439 }
440 }
441
442 if (!rc && crypto->hdr.version <= 0x03000e)
443 {
444 progress = config_get_long (NULL, "cipher_progress");
445 if (progress == -1)
446 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
447 }
448
449 if (ctx && crypto->hdr.s2k_count)
450 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", 0,
451 crypto->hdr.version <= 0x03000e ? crypto->hdr.s2k_count : 1);
452
453 if (!rc && crypto->hdr.version <= 0x03000e)
454 {
455 for (n = 0; !rc && n < crypto->hdr.s2k_count; n++)
456 {
457 if (ctx && progress && !(n % progress))
458 {
459 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
460 crypto->hdr.s2k_count);
461 if (rc)
462 break;
463 }
464
465 rc = gcry_cipher_setiv (h, crypto->hdr.iv, blocksize);
466 if (rc)
467 break;
468
469 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
470 STATUS_DECRYPT);
471 }
472 }
473
474 if (!rc && ctx && crypto->hdr.s2k_count)
475 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu",
476 crypto->hdr.version <= 0x03000e ? n : 1,
477 crypto->hdr.version <= 0x03000e ? crypto->hdr.s2k_count : 1);
478
479 #ifdef WITH_AGENT
480 pthread_cleanup_pop (0);
481 if (crypto->hdr.flags & PWMD_FLAG_PKI)
482 gcry_free (key);
483 else if (key && crypto->hdr.version <= 0x03000e)
484 key[0] ^= 1;
485 #else
486 if (crypto->hdr.version <= 0x03000e)
487 key[0] ^= 1;
488 #endif
489 pthread_cleanup_pop (rc ? 1 : 0); /* outbuf */
490 pthread_cleanup_pop (1); /* cipher */
491 if (!rc)
492 {
493 char buf[] = "<?xml ";
494
495 if (memcmp (outbuf, buf, sizeof(buf)-1))
496 {
497 gcry_free (outbuf);
498 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
499 }
500
501 crypto->plaintext = outbuf;
502 crypto->plaintext_len = crypto->hdr.datalen;
503 }
504
505 if (rc && gpg_err_source (rc) == GPG_ERR_SOURCE_UNKNOWN)
506 rc = gpg_error (rc);
507
508 return rc;
509 }
510
511 /* The cached document is encrypted with encrypt_xml(). This decrypts
512 * it from the OPEN command. */
513 gpg_error_t
514 decrypt_cache (struct crypto_s * crypto, const void *data, size_t len)
515 {
516 gcry_cipher_hd_t h = NULL;
517 gpg_error_t rc;
518
519 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
520 if (rc)
521 return rc;
522
523 gcry_free (crypto->plaintext);
524 crypto->plaintext = gcry_malloc (len);
525 if (!crypto->plaintext)
526 {
527 rc = GPG_ERR_ENOMEM;
528 goto done;
529 }
530
531 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
532 if (rc)
533 goto done;
534
535 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
536 if (rc)
537 goto done;
538
539 rc = gcry_cipher_decrypt (h, crypto->plaintext, len, data, len);
540 if (rc || strncmp (crypto->plaintext, "<?xml ", 6))
541 {
542 if (!rc)
543 rc = GPG_ERR_BAD_DATA;
544
545 gcry_free (crypto->plaintext);
546 crypto->plaintext = NULL;
547 }
548
549 crypto->plaintext_len = len;
550
551 done:
552 if (h)
553 gcry_cipher_close (h);
554
555 return rc;
556 }
557
558 /* Encrypt the XML data and set 'result'. At least one encryption
559 * iteration is done. */
560 gpg_error_t
561 encrypt_xml (assuan_context_t ctx, void *key, size_t keylen,
562 int algo, const void *xml, size_t len, void * *result,
563 size_t *result_len, unsigned char **iv, size_t * iv_len)
564 {
565 gpg_error_t rc;
566 gcry_cipher_hd_t h;
567 size_t blocksize, keysize;
568 void *inbuf = NULL;
569 int init_iv = *(iv_len) == 0;
570 size_t olen = len;
571
572 if (!key)
573 return GPG_ERR_INV_PARAMETER;
574
575 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
576 if (rc)
577 return rc;
578
579 pthread_cleanup_push (cleanup_cipher, h);
580 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
581 if (!rc)
582 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
583
584 if (!rc && init_iv)
585 {
586 *(iv) = xmalloc (blocksize);
587 if (!*(iv))
588 rc = GPG_ERR_ENOMEM;
589 else
590 gcry_create_nonce (*(iv), blocksize);
591 }
592
593 if (!rc)
594 {
595 if (init_iv)
596 *iv_len = blocksize;
597
598 if (len % blocksize)
599 len += blocksize - (len % blocksize);
600
601 inbuf = gcry_malloc (len);
602 if (!inbuf)
603 rc = GPG_ERR_ENOMEM;
604 else
605 {
606 memset (inbuf, 0, len);
607 memcpy (inbuf, xml, olen);
608 }
609 }
610
611 pthread_cleanup_push (gcry_free, inbuf);
612
613 if (!rc && ctx)
614 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", 0, 1);
615
616 if (!rc)
617 {
618 rc = gcry_cipher_setiv (h, *(iv), blocksize);
619 if (!rc)
620 {
621 rc = gcry_cipher_setkey (h, key, keysize);
622 if (!rc)
623 {
624 rc = iterate_crypto_once (h, inbuf, len, blocksize,
625 STATUS_ENCRYPT);
626 }
627 }
628 }
629
630 if (!rc && ctx)
631 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", 1, 1);
632
633 pthread_cleanup_pop (rc ? 1 : 0); /* inbuf */
634 pthread_cleanup_pop (1); /* cipher */
635
636 if (rc && init_iv)
637 {
638 xfree (*(iv));
639 *iv = NULL;
640 }
641
642 *result = rc ? NULL : inbuf;
643 *result_len = len;
644 return rc;
645 }
646
647 void
648 cleanup_save (struct save_s *save)
649 {
650 if (!save)
651 return;
652
653 #ifdef WITH_AGENT
654 if (save->pkey)
655 gcry_sexp_release (save->pkey);
656
657 if (save->sigpkey)
658 gcry_sexp_release (save->sigpkey);
659 #endif
660
661 memset (save, 0, sizeof (struct save_s));
662 }
663
664 /* Keep the agent ctx to retain pinentry options which will be freed in
665 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
666 void
667 cleanup_crypto_stage1 (struct crypto_s *cr)
668 {
669 if (!cr)
670 return;
671
672 cleanup_save (&cr->save);
673
674 #ifdef WITH_AGENT
675 if (cr->ciphertext_sexp)
676 gcry_sexp_release (cr->ciphertext_sexp);
677
678 cr->ciphertext_sexp = NULL;
679 #endif
680
681 gcry_free (cr->plaintext);
682 xfree (cr->ciphertext);
683 xfree (cr->filename);
684 cr->filename = NULL;
685 cr->ciphertext = NULL;
686 cr->ciphertext_len = 0;
687 cr->plaintext = NULL;
688 cr->plaintext_len = 0;
689 }
690
691 void
692 cleanup_crypto_stage2 (struct crypto_s *cr)
693 {
694 if (!cr)
695 return;
696
697 cleanup_crypto_stage1 (cr);
698 set_header_defaults (&cr->hdr);
699 }
700
701 void
702 cleanup_crypto (struct crypto_s **c)
703 {
704 struct crypto_s *cr = *c;
705
706 if (!cr)
707 return;
708
709 cleanup_crypto_stage2 (cr);
710
711 #ifdef WITH_AGENT
712 if (cr->pkey_sexp)
713 gcry_sexp_release (cr->pkey_sexp);
714
715 if (cr->sigpkey_sexp)
716 gcry_sexp_release (cr->sigpkey_sexp);
717
718 if (cr->agent)
719 cleanup_agent (cr->agent);
720 #endif
721
722 xfree (cr);
723 *c = NULL;
724 }
725
726 gpg_error_t
727 init_client_crypto (struct crypto_s **crypto)
728 {
729 struct crypto_s *new = xcalloc (1, sizeof (struct crypto_s));
730 gpg_error_t rc;
731
732 if (!new)
733 {
734 rc = GPG_ERR_ENOMEM;
735 return rc;
736 }
737
738 #ifdef WITH_AGENT
739 if (use_agent)
740 {
741 rc = agent_init (&new->agent);
742 if (!rc)
743 {
744 rc = send_agent_common_options (new->agent);
745 if (!rc)
746 rc = agent_set_pinentry_options (new->agent);
747 }
748
749 if (rc)
750 {
751 cleanup_agent (new->agent);
752 xfree (new);
753 return rc;
754 }
755 }
756 #endif
757
758 set_header_defaults (&new->hdr);
759 *crypto = new;
760 return 0;
761 }
762
763 static gpg_error_t
764 try_decrypt (assuan_context_t ctx, int inquire, struct crypto_s *crypto,
765 const char *filename, unsigned char **key, size_t *keysize)
766 {
767 gpg_error_t rc;
768 int pin_try = 1;
769 int pin_tries = 3;
770 char *pin_title = NULL;
771 struct client_s *client = ctx ? assuan_get_pointer (ctx) : NULL;
772
773 do
774 {
775 rc = decrypt_common (ctx, inquire, crypto, filename, NULL, NULL, key,
776 keysize);
777 if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE && ctx)
778 {
779 if (pin_try == 1)
780 pin_title = client->pinentry_opts.title;
781
782 client->pinentry_opts.title = str_asprintf (_ ("Bad passphrase (try %i of %i)"), pin_try+1, pin_tries);
783 }
784 }
785 while (!inquire && gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
786 && ++pin_try <= pin_tries);
787
788 if (ctx && pin_title != client->pinentry_opts.title)
789 {
790 xfree (client->pinentry_opts.title);
791 client->pinentry_opts.title = pin_title;
792 }
793
794 return rc;
795 }
796
797 /* Common to both PKI and non-PKI files when saving a data
798 * file. Defers to gpg-agent when needed and handles keyfiles. */
799 gpg_error_t
800 export_common (assuan_context_t ctx, int inquire, struct crypto_s * crypto,
801 const void *data, size_t datalen, const char *outfile,
802 const char *keyfile, void **rkey, size_t *rkeylen,
803 int use_cache, int force, int no_passphrase)
804 {
805 gpg_error_t rc = 0;
806 void *enc_xml = NULL;
807 size_t enc_xml_len = 0;
808 unsigned char *iv = NULL;
809 size_t iv_len = 0;
810 int algo = cipher_to_gcrypt (crypto->save.hdr.flags);
811 unsigned char *key = NULL;
812 void *salted_key = NULL;
813 size_t keysize, keylen = 0;
814 int cached = 0;
815
816 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
817 if (rc)
818 return rc;
819
820 if (keyfile)
821 {
822 int fd;
823 unsigned char *buf;
824 struct stat st;
825
826 if (stat (keyfile, &st) == -1)
827 return gpg_error_from_errno (errno);
828
829 buf = gcry_malloc (st.st_size);
830 if (!buf)
831 return GPG_ERR_ENOMEM;
832
833 fd = open (keyfile, O_RDONLY);
834 if (fd == -1)
835 rc = gpg_error_from_errno (errno);
836 else
837 {
838 size_t len = read (fd, buf, st.st_size);
839
840 if (len != st.st_size)
841 rc = GPG_ERR_TOO_SHORT;
842 }
843
844 if (fd != -1)
845 close (fd);
846
847 key = buf;
848 keylen = st.st_size;
849 log_write (_("Using passphrase obtained from file '%s'"), keyfile);
850
851 if (!keylen)
852 {
853 unsigned char *tmp;
854
855 gcry_free (key);
856 tmp = gcry_malloc (sizeof (unsigned char));
857 *tmp = 0;
858 key = tmp;
859 keylen++;
860 }
861 }
862 else
863 {
864 if (use_cache)
865 {
866 int defer = -1;
867
868 cache_lock ();
869 rc = cache_iscached (outfile, &defer);
870 if (!rc)
871 cached = 1;
872 else if (gpg_err_code (rc) == GPG_ERR_ENOENT
873 || gpg_err_code (rc) == GPG_ERR_NO_DATA)
874 rc = 0;
875
876 if (cached)
877 {
878 struct cache_data_s *cdata = cache_get_data_filename (outfile);
879
880 salted_key = gcry_malloc (cdata->keylen);
881 if (salted_key)
882 {
883 memcpy (salted_key, cdata->key, cdata->keylen);
884 keysize = cdata->keylen;
885 }
886 else
887 rc = GPG_ERR_ENOMEM;
888 }
889
890 cache_unlock ();
891 }
892
893 if (!rc && !cached)
894 {
895 if (force) // SAVE
896 {
897 struct crypto_s *tmp = NULL;
898 gpg_error_t rc = init_client_crypto (&tmp);
899
900 if (!rc)
901 {
902 rc = read_data_file (outfile, tmp);
903 if (!rc)
904 {
905 rc = try_decrypt (ctx, inquire, tmp, outfile,
906 &key, &keylen);
907 }
908 }
909
910 cleanup_crypto (&tmp);
911 if (rc && gpg_err_code (rc) == GPG_ERR_ENOENT)
912 use_cache = 0;
913 else if (rc)
914 return rc;
915 }
916
917 if (!use_cache && !no_passphrase) // PASSWD or new file
918 {
919 gcry_free (key);
920 if (inquire)
921 {
922 rc = inquire_passphrase (ctx, "NEW_PASSPHRASE",
923 (unsigned char **)&key, &keylen);
924 }
925 else
926 {
927 rc = getpin_common (ctx, outfile, PINENTRY_SAVE,
928 (char **)&key, &keylen);
929 }
930
931 if (rc)
932 return rc;
933 }
934 else
935 {
936 if (no_passphrase)
937 {
938 keylen = 1;
939 key = gcry_malloc (keylen);
940 memset (key, 0, keylen);
941 }
942 }
943 }
944 }
945
946 if (!rc && !cached)
947 {
948 gcry_create_nonce (crypto->save.hdr.salt, sizeof(crypto->save.hdr.salt));
949 rc = hash_key (algo, crypto->save.hdr.salt,
950 sizeof(crypto->save.hdr.salt), key, keylen, &salted_key,
951 &keysize, crypto->save.hdr.s2k_count);
952 gcry_free (key);
953 }
954
955 if (!rc)
956 {
957 rc = encrypt_xml (ctx, salted_key, keysize, algo, data, datalen,
958 &enc_xml, &enc_xml_len, &iv, &iv_len);
959 }
960
961 if (!rc)
962 {
963 if (no_passphrase && !(crypto->save.hdr.flags & PWMD_FLAG_PKI))
964 crypto->save.hdr.flags |= PWMD_FLAG_NO_PASSPHRASE;
965
966 memcpy (crypto->save.hdr.iv, iv, iv_len);
967 xfree (iv);
968 crypto->save.hdr.datalen = enc_xml_len;
969 rc = write_file (crypto, outfile, enc_xml, enc_xml_len, NULL, 0, NULL,
970 NULL);
971 gcry_free (enc_xml);
972 if (!rc)
973 {
974 *rkey = salted_key;
975 *rkeylen = keysize;
976 memcpy (&crypto->hdr, &crypto->save.hdr, sizeof (file_header_t));
977 }
978 }
979
980 if (rc)
981 gcry_free (salted_key);
982
983 return rc;
984 }
985
986 static gpg_error_t
987 write_header (struct crypto_s *crypto, int fd)
988 {
989 ssize_t len;
990 uint64_t n, x;
991 uint32_t i;
992
993 #ifdef WITH_AGENT
994 if (IS_PKI (crypto))
995 crypto->save.hdr.s2k_count = 0;
996 #endif
997
998 #ifdef WORDS_BIGENDIAN
999 len = write (fd, &crypto->save.hdr.magic, sizeof(crypto->save.hdr.magic));
1000 if (len == -1)
1001 goto done;
1002
1003 len = write (fd, &crypto->save.hdr.version, sizeof(crypto->save.hdr.version));
1004 if (len == -1)
1005 goto done;
1006
1007 len = write (fd, &crypto->save.hdr.s2k_count,
1008 sizeof(crypto->save.hdr.s2k_count));
1009 if (len == -1)
1010 goto done;
1011
1012 len = write (fd, &crypto->save.hdr.flags, sizeof(crypto->save.hdr.flags));
1013 if (len == -1)
1014 goto done;
1015
1016 len = write (fd, &crypto->save.hdr.iv, sizeof(crypto->save.hdr.iv));
1017 if (len == -1)
1018 goto done;
1019
1020 len = write (fd, &crypto->save.hdr.salt, sizeof(crypto->save.hdr.salt));
1021 if (len == -1)
1022 goto done;
1023
1024 len = write (fd, &crypto->save.hdr.datalen, sizeof(crypto->save.hdr.datalen));
1025 if (len == -1)
1026 goto done;
1027 #else
1028 len = write (fd, &crypto->save.hdr.magic, sizeof(crypto->save.hdr.magic));
1029 if (len == -1)
1030 goto done;
1031
1032 i = htonl (crypto->save.hdr.version);
1033 len = write (fd, &i, sizeof(i));
1034 if (len == -1)
1035 goto done;
1036
1037 n = crypto->save.hdr.s2k_count;
1038 x = (((uint64_t) htonl (n)) << 32) + htonl (n >> 32);
1039 len = write (fd, &x, sizeof(x));
1040 if (len == -1)
1041 goto done;
1042
1043 n = crypto->save.hdr.flags;
1044 x = (((uint64_t) htonl (n)) << 32) + htonl (n >> 32);
1045 len = write (fd, &x, sizeof(x));
1046 if (len == -1)
1047 goto done;
1048
1049 len = write (fd, &crypto->save.hdr.iv, sizeof(crypto->save.hdr.iv));
1050 if (len == -1)
1051 goto done;
1052
1053 len = write (fd, &crypto->save.hdr.salt, sizeof(crypto->save.hdr.salt));
1054 if (len == -1)
1055 goto done;
1056
1057 i = htonl (crypto->save.hdr.datalen);
1058 len = write (fd, &i, sizeof(i));
1059 if (len == -1)
1060 goto done;
1061 #endif
1062
1063 done:
1064 return len == -1 ? gpg_error_from_errno (errno) : 0;
1065 }
1066
1067 /* Write the data structures to disk. */
1068 gpg_error_t
1069 write_file (struct crypto_s *crypto, const char *filename,
1070 void *data, size_t data_len, void *sexp, size_t sexp_len,
1071 void *pubkey, void *sigpkey)
1072 {
1073 char tmp[FILENAME_MAX] = { 0 };
1074 mode_t mode = 0;
1075 struct stat st;
1076 int fd;
1077 gpg_error_t rc = 0;
1078
1079 if (filename)
1080 {
1081 mode_t mask;
1082
1083 if (lstat (filename, &st) == 0)
1084 {
1085 mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
1086
1087 if (!(mode & S_IWUSR))
1088 return GPG_ERR_EACCES;
1089 }
1090 else if (errno != ENOENT)
1091 return gpg_error_from_errno (errno);
1092
1093 snprintf (tmp, sizeof (tmp), "%s.XXXXXX", filename);
1094 mask = umask (600);
1095 fd = mkstemp (tmp);
1096 if (fd == -1)
1097 {
1098 rc = gpg_error_from_errno (errno);
1099 log_write ("%s: %s", tmp, pwmd_strerror (rc));
1100 umask (mask);
1101 return rc;
1102 }
1103
1104 umask (mask);
1105 }
1106 else
1107 {
1108 // xml_import() or convert_file() from command line.
1109 fd = STDOUT_FILENO;
1110 }
1111
1112 pthread_cleanup_push (cleanup_unlink_cb, tmp);
1113 crypto->save.hdr.version = VERSION_HEX;
1114 rc = write_header (crypto, fd);
1115 if (!rc)
1116 {
1117 size_t len;
1118
1119 if (crypto->save.hdr.flags & PWMD_FLAG_PKI)
1120 {
1121 unsigned char grip[20];
1122
1123 gcry_pk_get_keygrip ((gcry_sexp_t) pubkey, grip);
1124 len = write (fd, grip, sizeof (grip));
1125 if (len == sizeof (grip))
1126 {
1127 gcry_pk_get_keygrip ((gcry_sexp_t) sigpkey, grip);
1128 len = write (fd, grip, sizeof (grip));
1129 if (len == sizeof (grip))
1130 {
1131 len = write (fd, data, data_len);
1132 if (len == data_len)
1133 {
1134 len = write (fd, sexp, sexp_len);
1135 if (len != sexp_len)
1136 rc = gpg_error_from_errno (errno);
1137 }
1138 else
1139 rc = gpg_error_from_errno (errno);
1140 }
1141 }
1142 else
1143 rc = gpg_error_from_errno (errno);
1144 }
1145 else
1146 {
1147 len = write (fd, data, data_len);
1148 if (len != data_len)
1149 rc = gpg_error_from_errno (errno);
1150 }
1151 }
1152
1153 if (!rc)
1154 {
1155 if (fsync (fd) != -1)
1156 {
1157 if (filename && close (fd) != -1)
1158 {
1159
1160 if (mode && config_get_boolean (filename, "backup"))
1161 {
1162 char tmp2[FILENAME_MAX];
1163
1164 snprintf (tmp2, sizeof (tmp2), "%s.backup", filename);
1165 if (rename (filename, tmp2) == -1)
1166 rc = gpg_error_from_errno (errno);
1167 }
1168 }
1169 else if (filename)
1170 rc = gpg_error_from_errno (errno);
1171 }
1172 else
1173 rc = gpg_error_from_errno (errno);
1174 }
1175
1176 if (!rc)
1177 {
1178 if (filename && rename (tmp, filename) != -1)
1179 {
1180 if (filename && mode)
1181 chmod (filename, mode);
1182
1183 }
1184 else
1185 rc = gpg_error_from_errno (errno);
1186 }
1187
1188 pthread_cleanup_pop (rc ? 1 : 0); // unlink
1189 return rc;
1190 }
1191
1192 gpg_error_t
1193 hash_key (int algo, unsigned char *salt, size_t salt_len, const void *key,
1194 size_t keylen, void **result, size_t *rlen, uint64_t iterations)
1195 {
1196 gpg_error_t rc;
1197 void *tmp;
1198
1199 /* Be sure the algorithm is available. */
1200 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, rlen);
1201 if (rc)
1202 return rc;
1203
1204 /* Always allocate enough for a 256-bit key although the algorithms
1205 themselves may use less. Fixes SAVE --cipher with a different
1206 keylen than the previously saved cipher when cached. */
1207 *rlen = 32;
1208 tmp = xmalloc (*rlen);
1209 if (!tmp)
1210 return GPG_ERR_ENOMEM;
1211
1212 if (!iterations)
1213 iterations = DEFAULT_KDFS2K_ITERATIONS;
1214
1215 rc = gcry_kdf_derive(key, keylen, GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA1,
1216 salt, salt_len, iterations, *rlen, tmp);
1217 if (!rc)
1218 *result = tmp;
1219 else
1220 xfree (tmp);
1221
1222 return rc;
1223 }
1224
1225 gpg_error_t
1226 crypto_try_decrypt (assuan_context_t ctx, int inquire, const char *filename,
1227 struct crypto_s **rcrypto, unsigned char **key,
1228 size_t *rlen)
1229 {
1230 struct crypto_s *crypto = rcrypto ? *rcrypto : NULL;
1231 gpg_error_t rc = init_client_crypto (&crypto);
1232
1233 if (rc)
1234 return rc;
1235
1236 crypto->client_ctx = ctx;
1237 rc = read_data_file (filename, crypto);
1238 if (rc)
1239 {
1240 cleanup_crypto (&crypto);
1241 return rc;
1242 }
1243
1244 rc = try_decrypt (ctx, inquire, crypto, filename, key, rlen);
1245 if (!rcrypto)
1246 cleanup_crypto (&crypto);
1247 else *rcrypto = crypto;
1248
1249 return rc;
1250 }
1251
1252 /* The PASSWD command when not using gpg-agent. */
1253 gpg_error_t
1254 change_passwd (assuan_context_t ctx, const char *filename, int inquire,
1255 struct crypto_s **rcrypto, int no_passphrase)
1256 {
1257 gpg_error_t rc;
1258 unsigned char *key = NULL;
1259 size_t keylen = 0;
1260 struct crypto_s *crypto = NULL;
1261 int cached;
1262
1263 rc = crypto_try_decrypt (ctx, inquire, filename, &crypto, NULL, NULL);
1264 if (rc)
1265 {
1266 cleanup_crypto (&crypto);
1267 return rc;
1268 }
1269
1270 if (!rc)
1271 {
1272 memcpy (&crypto->save.hdr, &crypto->hdr, sizeof (file_header_t));
1273
1274 if (!no_passphrase)
1275 crypto->save.hdr.flags &= ~PWMD_FLAG_NO_PASSPHRASE;
1276
1277 rc = export_common (ctx, inquire, crypto, crypto->plaintext,
1278 crypto->plaintext_len, crypto->filename, NULL,
1279 (void **)&key, &keylen, 0, 0, no_passphrase);
1280 }
1281
1282 if (!rc)
1283 {
1284 rc = save_common (filename, crypto, crypto->plaintext,
1285 crypto->plaintext_len, key, keylen, &cached, 1);
1286 if (!rc)
1287 *rcrypto = crypto;
1288 }
1289
1290 gcry_free (key);
1291
1292 if (rc)
1293 cleanup_crypto (&crypto);
1294 else if (!cached)
1295 send_status_all (STATUS_CACHE, NULL);
1296
1297 return rc;
1298 }
1299
1300 gpg_error_t
1301 save_common (const char *filename, struct crypto_s *crypto,
1302 const unsigned char *data, size_t datalen,
1303 const unsigned char *key, size_t keylen, int *cached, int no_agent)
1304 {
1305 struct cache_data_s *cdata;
1306 gpg_error_t rc = 0;
1307 gcry_sexp_t pubkey = NULL;
1308 gcry_sexp_t sigkey = NULL;
1309
1310 /* This is safe since it is a (somewhat) fast operation. */
1311 cache_lock ();
1312 pthread_cleanup_push (cleanup_cache_mutex, NULL);
1313 cdata = cache_get_data_filename (filename);
1314 *cached = cdata != NULL;
1315
1316 if (!cdata)
1317 cdata = xcalloc (1, sizeof (struct cache_data_s));
1318
1319 #ifdef WITH_AGENT
1320 if (use_agent && !no_agent)
1321 {
1322 rc = gcry_sexp_build (&pubkey, NULL, "%S", crypto->pkey_sexp);
1323 if (!rc)
1324 rc = gcry_sexp_build (&sigkey, NULL, "%S", crypto->sigpkey_sexp);
1325 }
1326 #endif
1327
1328 if (!rc)
1329 {
1330 gcry_free (cdata->doc);
1331 cdata->doc = NULL;
1332 cdata->doclen = 0;
1333 rc = encrypt_xml (NULL, cache_key, cache_keysize, GCRY_CIPHER_AES, data,
1334 datalen, &cdata->doc, &cdata->doclen, &cache_iv,
1335 &cache_blocksize);
1336 }
1337
1338 if (!rc)
1339 {
1340 unsigned char md5file[16];
1341
1342 /* Update in case of any --keygrip argument */
1343 if (cdata->pubkey)
1344 gcry_sexp_release (cdata->pubkey);
1345
1346 if (cdata->sigkey)
1347 gcry_sexp_release (cdata->sigkey);
1348
1349 cdata->pubkey = pubkey;
1350 cdata->sigkey = sigkey;
1351 xfree (cdata->key);
1352 cdata->key = NULL;
1353 gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
1354 rc = cache_set_data (md5file, cdata, crypto->grip);
1355 if (!rc)
1356 {
1357 cdata->key = xmalloc (keylen);
1358 if (!cdata->key)
1359 rc = GPG_ERR_ENOMEM;
1360 else
1361 {
1362 memcpy (cdata->key, key, keylen);
1363 cdata->keylen = keylen;
1364 }
1365 }
1366 }
1367 else
1368 {
1369 if (pubkey)
1370 gcry_sexp_release (pubkey);
1371
1372 if (sigkey)
1373 gcry_sexp_release (sigkey);
1374 }
1375
1376 pthread_cleanup_pop (1); // mutex unlock
1377 return rc;
1378 }
1379
1380 gpg_error_t
1381 getpin_common (assuan_context_t ctx, const char *filename, int which,
1382 char **rkey, size_t *rkeylen)
1383 {
1384 gpg_error_t rc;
1385 struct client_s *client = ctx ? assuan_get_pointer (ctx) : NULL;
1386 struct pinentry_s *pin = pinentry_init (filename);
1387
1388 if (!pin)
1389 return GPG_ERR_ENOMEM;
1390
1391 if (client)
1392 pinentry_merge_options (&pin->pinentry_opts, &client->pinentry_opts);
1393
1394 rc = pinentry_lock (ctx, pin);
1395 if (!rc)
1396 rc = pinentry_getpin (pin, rkey, which);
1397
1398 pinentry_deinit (pin);
1399 if (rc)
1400 return rc;
1401
1402 *rkeylen = strlen (*rkey);
1403 if (!(*rkeylen))
1404 (*rkeylen)++;
1405
1406 return rc;
1407 }
1408
1409 /* Note: 'key' is freed with gcry_free() and not xfree(). Although
1410 * both call xfree(). */
1411 gpg_error_t
1412 inquire_passphrase (assuan_context_t ctx, const char *keyword,
1413 unsigned char **result, size_t *rlen)
1414 {
1415 gpg_error_t rc;
1416
1417 assuan_begin_confidential (ctx);
1418 rc = assuan_inquire (ctx, keyword, result, rlen, 0);
1419 assuan_end_confidential (ctx);
1420 return rc;
1421 }
1422
1423 /* Common to both PKI and non-PKI files. */
1424 gpg_error_t
1425 decrypt_common (assuan_context_t ctx, int inquire, struct crypto_s *crypto,
1426 const char *filename, void **salted_key, size_t *salted_keysize,
1427 unsigned char **rkey, size_t *rkeylen)
1428 {
1429 unsigned char *key = NULL;
1430 size_t keylen = 0;
1431 gpg_error_t rc = read_data_file (filename, crypto);
1432 int algo = cipher_to_gcrypt (crypto->hdr.flags);
1433 void *skey = NULL;
1434 size_t skeysize = 0;
1435
1436 if (salted_key)
1437 *salted_key = NULL;
1438 if (salted_keysize)
1439 *salted_keysize = 0;
1440
1441 if (rkey)
1442 *rkey = NULL;
1443 if (rkeylen)
1444 *rkeylen = 0;
1445
1446 if (rc)
1447 {
1448 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1449 return rc;
1450 }
1451
1452 key = (unsigned char *)config_get_string (filename, "passphrase");
1453 if (key)
1454 {
1455 log_write (_("Trying the passphrase specified in config ..."));
1456 keylen = strlen ((char *)key);
1457 }
1458
1459 if (!key)
1460 {
1461 key = (unsigned char *)config_get_string (filename, "passphrase_file");
1462 if (key)
1463 {
1464 char *tmp = expand_homedir ((char *)key);
1465 int fd;
1466 struct stat st;
1467
1468 xfree (key);
1469 key = (unsigned char *)tmp;
1470 log_write (_("Trying the passphrase using file '%s' ..."), key);
1471 fd = open ((char *)key, O_RDONLY);
1472 if (fd == -1)
1473 {
1474 rc = gpg_error_from_errno (errno);
1475 log_write ("%s: %s", key, pwmd_strerror (rc));
1476 xfree (key);
1477 return rc;
1478 }
1479
1480 if (stat ((char *)key, &st) == -1)
1481 {
1482 rc = gpg_error_from_errno (errno);
1483 log_write ("%s: %s", key, pwmd_strerror (rc));
1484 xfree (key);
1485 close(fd);
1486 return rc;
1487 }
1488
1489 xfree (key);
1490 key = xmalloc (st.st_size);
1491 if (key)
1492 {
1493 if (read (fd, key, st.st_size) != st.st_size)
1494 {
1495 log_write ("short read() count");
1496 rc = GPG_ERR_TOO_SHORT;
1497 }
1498 }
1499 else
1500 rc = GPG_ERR_ENOMEM;
1501
1502 close (fd);
1503
1504 if (rc)
1505 {
1506 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1507 xfree (key);
1508 return rc;
1509 }
1510
1511 keylen = st.st_size;
1512 if (!keylen)
1513 {
1514 tmp = xmalloc (sizeof (unsigned char));
1515 *tmp = 0;
1516 xfree (key);
1517 key = (unsigned char *)tmp;
1518 keylen++;
1519 }
1520 }
1521 }
1522
1523 if (!key && !IS_PKI (crypto) && inquire
1524 && !(crypto->hdr.flags & PWMD_FLAG_NO_PASSPHRASE))
1525 {
1526 rc = inquire_passphrase (ctx, "PASSPHRASE", (unsigned char **)&key,
1527 &keylen);
1528 if (!rc)
1529 if (!keylen)
1530 keylen++;
1531 }
1532 else if (!key && !IS_PKI (crypto))
1533 {
1534 if (crypto->hdr.flags & PWMD_FLAG_NO_PASSPHRASE)
1535 {
1536 keylen = 1;
1537 key = gcry_malloc (keylen);
1538 memset (key, 0, keylen);
1539 }
1540 else
1541 rc = getpin_common (ctx, filename, PINENTRY_OPEN, (char **)&key,
1542 &keylen);
1543 }
1544 else if (key && IS_PKI (crypto))
1545 {
1546 #ifdef WITH_AGENT
1547 rc = set_agent_passphrase (crypto, (char *)key, keylen);
1548 #else
1549 rc = GPG_ERR_NOT_IMPLEMENTED;
1550 #endif
1551 }
1552 else if (!key && IS_PKI (crypto))
1553 {
1554 #ifdef WITH_AGENT
1555 /* The cache entry has been cleared in save_command(). Will prompt. */
1556 rc = set_pinentry_mode (crypto->agent, inquire ? "loopback" : "ask");
1557 #else
1558 rc = GPG_ERR_NOT_IMPLEMENTED;
1559 #endif
1560 }
1561
1562 if (rc)
1563 {
1564 xfree (key);
1565 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1566 return rc;
1567 }
1568
1569 if (key && !IS_PKI (crypto))
1570 {
1571 rc = hash_key (algo, crypto->hdr.salt, sizeof(crypto->hdr.salt), key,
1572 keylen, &skey, &skeysize,
1573 crypto->hdr.version <= 0x03000e ? COMPAT_KDFS2K_ITERATIONS : crypto->hdr.s2k_count);
1574 if (rc)
1575 {
1576 xfree (key);
1577 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1578 return rc;
1579 }
1580
1581 if (rkey)
1582 *rkey = key;
1583 if (rkeylen)
1584 *rkeylen = keylen;
1585 }
1586
1587 xfree (crypto->filename);
1588 crypto->filename = str_dup (filename);
1589 rc = decrypt_data (ctx, crypto, skey, skeysize);
1590 if (rc)
1591 {
1592 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1593 xfree (key);
1594 xfree (skey);
1595 }
1596 else
1597 {
1598 if (salted_key)
1599 *salted_key = skey;
1600 else
1601 xfree (skey);
1602
1603 if (salted_keysize)
1604 *salted_keysize = skeysize;
1605 }
1606
1607 return rc;
1608 }
A server for managing passphrases and anything else.