src/convert.c

   1 /*
   2     Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
   3     Ben Kibbey <bjk@luxsci.net>
   4
   5     This file is part of pwmd.
   6
   7     Pwmd is free software: you can redistribute it and/or modify
   8     it under the terms of the GNU General Public License as published by
   9     the Free Software Foundation, either version 2 of the License, or
  10     (at your option) any later version.
  11
  12     Pwmd is distributed in the hope that it will be useful,
  13     but WITHOUT ANY WARRANTY; without even the implied warranty of
  14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15     GNU General Public License for more details.
  16
  17     You should have received a copy of the GNU General Public License
  18     along with Pwmd.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 #ifdef HAVE_CONFIG_H
  21 #include <config.h>
  22 #endif
  23
  24 #include <fcntl.h>
  25 #include <sys/stat.h>
  26 #include <zlib.h>
  27
  28 #include "pwmd-error.h"
  29 #include <gcrypt.h>
  30 #include "convert.h"
  31 #include "xml.h"
  32 #include "mem.h"
  33 #include "util-misc.h"
  34 #include "cache.h"
  35 #include "crypto.h"
  36 #include "pinentry.h"
  37
  38 #ifndef _
  39 #include "gettext.h"
  40 #define _(msgid) gettext(msgid)
  41 #endif
  42
  43 #define KEYSIZE 32
  44
  45 typedef struct
  46 {
  47   uint8_t magic[5];
  48   uint16_t version;
  49   uint64_t iter;
  50   uint64_t flags;
  51   uint8_t iv[16];
  52   uint8_t salt[8];
  53 } v2_file_header_t;
  54
  55 struct gz_s
  56 {
  57   z_stream z;
  58   void *out;
  59   int done;
  60 };
  61
  62 static unsigned char crypto_magic[5] = "\177PWMD";
  63
  64 static void
  65 gz_cleanup (void *arg)
  66 {
  67   struct gz_s **gz = (struct gz_s **) arg;
  68
  69   if (!gz)
  70     return;
  71
  72   if (!(*gz)->done && (*gz)->out)
  73     gcry_free ((*gz)->out);
  74
  75   if ((*gz)->z.zalloc)
  76     inflateEnd (&(*gz)->z);
  77
  78   xfree (*gz);
  79   *gz = NULL;
  80 }
  81
  82 static void *
  83 z_alloc (void *data, unsigned items, unsigned size)
  84 {
  85   return gcry_calloc (items, size);
  86 }
  87
  88 static void
  89 z_free (void *data, void *p)
  90 {
  91   gcry_free (p);
  92 }
  93
  94 #define ZLIB_BUFSIZE    65536
  95
  96 static gpg_error_t
  97 decompress (void *in, unsigned long insize, void * *out,
  98             unsigned long *outsize)
  99 {
 100   struct gz_s *gz;
 101   gz_header h;
 102   char buf[17];
 103   gpg_error_t rc;
 104   int zrc;
 105
 106   gz = xcalloc (1, sizeof (struct gz_s));
 107   if (!gz)
 108     return GPG_ERR_ENOMEM;
 109
 110   gz->z.zalloc = z_alloc;
 111   gz->z.zfree = z_free;
 112   gz->z.next_in = in;
 113   gz->z.avail_in = (uInt) insize;
 114   gz->z.avail_out = ZLIB_BUFSIZE;
 115   gz->z.next_out = gz->out = gcry_malloc (ZLIB_BUFSIZE);
 116   if (!gz->out)
 117     {
 118       gz_cleanup (&gz);
 119       return GPG_ERR_ENOMEM;
 120     }
 121
 122   zrc = inflateInit2 (&gz->z, 47);
 123   if (zrc != Z_OK)
 124     {
 125       gz_cleanup (&gz);
 126       return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
 127     }
 128
 129   memset (&h, 0, sizeof (gz_header));
 130   h.comment = (unsigned char *) buf;
 131   h.comm_max = sizeof (buf);
 132   zrc = inflateGetHeader (&gz->z, &h);
 133   if (zrc != Z_OK)
 134     {
 135       gz_cleanup (&gz);
 136       return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
 137     }
 138
 139   zrc = inflate (&gz->z, Z_BLOCK);
 140   if (zrc != Z_OK)
 141     {
 142       gz_cleanup (&gz);
 143       return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
 144     }
 145
 146   if (h.comment)
 147     insize = strtoul ((char *) h.comment, NULL, 10);
 148
 149   do
 150     {
 151       void *p;
 152
 153       zrc = inflate (&gz->z, Z_FINISH);
 154       switch (zrc)
 155         {
 156         case Z_OK:
 157           break;
 158         case Z_BUF_ERROR:
 159           if (!gz->z.avail_out)
 160             {
 161               p = gcry_realloc (gz->out, gz->z.total_out + ZLIB_BUFSIZE);
 162               if (!p)
 163                 {
 164                   rc = GPG_ERR_ENOMEM;
 165                   goto fail;
 166                 }
 167
 168               gz->out = p;
 169               gz->z.next_out = (unsigned char *) gz->out + gz->z.total_out;
 170               gz->z.avail_out = ZLIB_BUFSIZE;
 171             }
 172           else
 173             {
 174               rc = GPG_ERR_COMPR_ALGO;
 175               goto fail;
 176             }
 177
 178           break;
 179         case Z_STREAM_END:
 180           break;
 181         default:
 182           rc = GPG_ERR_COMPR_ALGO;
 183           goto fail;
 184           break;
 185         }
 186     }
 187   while (zrc != Z_STREAM_END);
 188
 189   *out = gz->out;
 190   *outsize = gz->z.total_out;
 191   gz->done = 1;
 192   gz_cleanup (&gz);
 193   return 0;
 194
 195 fail:
 196   gz_cleanup (&gz);
 197   return rc;
 198 }
 199
 200 static gpg_error_t
 201 decrypt (v2_file_header_t * fh, unsigned char *key,
 202          unsigned char **ciphertext, size_t datalen, void * *result,
 203          size_t * result_len)
 204 {
 205   gpg_error_t rc;
 206   size_t blocksize, keysize, len;
 207   int algo = cipher_to_gcrypt (fh->flags);
 208   gcry_cipher_hd_t gh = NULL;
 209   uint64_t iter = 0ULL;
 210   unsigned char *data = *ciphertext;
 211
 212   *result = NULL;
 213   *result_len = 0;
 214
 215   /* No encryption iterations. This is a plain (gzipped) file. */
 216   if (!fh->iter)
 217     goto decompress;
 218
 219   if (algo == -1)
 220     return GPG_ERR_CIPHER_ALGO;
 221
 222   rc = gcry_cipher_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, NULL);
 223   if (rc)
 224     return rc;
 225
 226   rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
 227   if (rc)
 228     return rc;
 229
 230   rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
 231   if (rc)
 232     return rc;
 233
 234   rc = gcry_cipher_open (&gh, algo, GCRY_CIPHER_MODE_CBC, 0);
 235   if (rc)
 236     return rc;
 237
 238   if ((rc = gcry_cipher_setiv (gh, fh->iv, blocksize)))
 239     goto fail;
 240
 241   if ((rc = gcry_cipher_setkey (gh, key, keysize)))
 242     goto fail;
 243
 244   rc = gcry_cipher_decrypt (gh, data, datalen, NULL, 0);
 245   if (rc)
 246     goto fail;
 247
 248   key[0] ^= 1;
 249   if ((rc = gcry_cipher_setkey (gh, key, keysize)))
 250     goto fail;
 251
 252   while (++iter < fh->iter)
 253     {
 254       if ((rc = gcry_cipher_setiv (gh, fh->iv, blocksize)))
 255         goto fail;
 256
 257       rc = gcry_cipher_decrypt (gh, data, datalen, NULL, 0);
 258       if (rc)
 259         goto fail;
 260     }
 261
 262 decompress:
 263   len = 0;
 264   if (fh->version >= 0x218 && fh->iter > 0ULL)
 265     {
 266       if (memcmp (data, crypto_magic, sizeof (crypto_magic)))
 267         {
 268           rc = GPG_ERR_BAD_PASSPHRASE;
 269           goto fail;
 270         }
 271
 272       len = sizeof (crypto_magic);
 273     }
 274
 275   rc =
 276     decompress (data + len, datalen - len, result,
 277                 (unsigned long *) result_len);
 278   if (rc)
 279     {
 280       if (fh->version < 0x218 && rc == GPG_ERR_COMPR_ALGO)
 281         rc = GPG_ERR_BAD_PASSPHRASE;
 282       goto fail;
 283     }
 284
 285   if (strncasecmp ((char *) *result, "<?xml ", 6) != 0)
 286     {
 287       gcry_free (*result);
 288       *result = NULL;
 289       *result_len = 0;
 290       rc = GPG_ERR_BAD_PASSPHRASE;
 291       goto fail;
 292     }
 293
 294 fail:
 295   if (gh)
 296     gcry_cipher_close (gh);
 297
 298   return rc;
 299 }
 300
 301 gpg_error_t
 302 read_v2_datafile (const char *filename, const char *keyfile,
 303                   void * *result, size_t * result_len, uint16_t * ver,
 304                   int *algo)
 305 {
 306   gpg_error_t rc;
 307   int fd;
 308   v2_file_header_t fh;
 309   size_t len, passphraselen, datalen;
 310 #ifdef WITH_AGENT
 311   struct agent_s *agent = NULL;
 312 #endif
 313   char *passphrase = NULL;
 314   unsigned char *data = NULL;
 315   struct stat st;
 316   unsigned char *key = NULL;
 317   FILE *fp;
 318
 319   if (stat (filename, &st) == -1)
 320     return gpg_error_from_syserror ();
 321
 322   fd = open (filename, O_RDONLY);
 323   if (fd == -1)
 324     return gpg_error_from_syserror ();
 325
 326   len = read (fd, &fh, sizeof (fh) - 8);
 327   if (len != sizeof (fh) - 8)
 328     {
 329       rc = GPG_ERR_INV_LENGTH;
 330       goto fail;
 331     }
 332
 333   if (fh.version >= 0x221)
 334     {
 335       len = read (fd, &fh.salt, 8);
 336       if (len != 8)
 337         {
 338           rc = GPG_ERR_INV_LENGTH;
 339           goto fail;
 340         }
 341     }
 342
 343   *ver = fh.version;
 344   *algo = cipher_to_gcrypt (fh.flags);
 345
 346 #ifdef WITH_AGENT
 347   if (use_agent && !keyfile && fh.iter > 0)
 348     {
 349       char *desc;
 350
 351       rc = agent_init (&agent);
 352       if (rc)
 353         goto fail;
 354
 355       desc = plus_escape (_
 356                           ("A passphrase is required to decrypt the file for "
 357                            "converting. Please enter the passphrase below."));
 358       rc = agent_set_pinentry_options (agent);
 359       if (rc)
 360         goto fail;
 361
 362       assuan_begin_confidential (agent->ctx);
 363       rc = send_to_agent (agent, &passphrase, &passphraselen,
 364                           "GET_PASSPHRASE --data pwmd:convert + %s %s",
 365                           _("Passphrase:"), desc);
 366       assuan_end_confidential (agent->ctx);
 367       xfree (desc);
 368       if (rc)
 369         goto fail;
 370
 371       passphraselen--;          // null byte
 372       send_to_agent (agent, NULL, NULL, "CLEAR_PASSPHRASE pwmd:convert");
 373       cleanup_agent (agent);
 374       agent = NULL;
 375     }
 376     else if (keyfile && fh.iter > 0)
 377 #else
 378     if (keyfile && fh.iter > 0)
 379 #endif
 380     {
 381       struct stat pst;
 382       int pfd = open (keyfile, O_RDONLY);
 383
 384       if (pfd == -1)
 385         {
 386           rc = gpg_error_from_syserror ();
 387           goto fail;
 388         }
 389
 390       if (stat (keyfile, &pst) == -1)
 391         {
 392           rc = gpg_error_from_syserror ();
 393           close (pfd);
 394           goto fail;
 395         }
 396
 397       passphrase = xmalloc (pst.st_size);
 398       if (!passphrase)
 399         {
 400           rc = GPG_ERR_ENOMEM;
 401           close (pfd);
 402           goto fail;
 403         }
 404
 405       passphraselen = read (pfd, passphrase, pst.st_size);
 406       close (pfd);
 407       if (passphraselen != pst.st_size)
 408         {
 409           rc = GPG_ERR_INV_LENGTH;
 410           goto fail;
 411         }
 412     }
 413     else if (fh.iter > 0)
 414       {
 415         rc = getpin_common (NULL, filename, PINENTRY_OPEN, &passphrase,
 416                             &passphraselen);
 417         if (rc)
 418           goto fail;
 419       }
 420
 421   key = gcry_malloc (KEYSIZE);
 422   if (!key)
 423     {
 424       rc = GPG_ERR_ENOMEM;
 425       goto fail;
 426     }
 427
 428   fp = fdopen (fd, "r");
 429   len = st.st_size - ftell (fp);
 430
 431   if (fh.version >= 0x221 && fh.version < 0x0300)
 432     {
 433       rc = gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_ITERSALTED_S2K,
 434                             GCRY_MD_SHA1, fh.salt, 8, 1000, KEYSIZE, key);
 435       if (rc)
 436         goto fail;
 437     }
 438   else
 439     gcry_md_hash_buffer (GCRY_MD_SHA256, key, passphrase, passphraselen);
 440
 441   data = gcry_malloc (len);
 442   if (!data)
 443     {
 444       rc = GPG_ERR_ENOMEM;
 445       goto fail;
 446     }
 447
 448   datalen = read (fd, data, len);
 449   if (datalen != len)
 450     {
 451       rc = GPG_ERR_INV_LENGTH;
 452       goto fail;
 453     }
 454
 455   fprintf (stderr, _("Decrypting ...\n"));
 456   rc = decrypt (&fh, key, &data, datalen, result, result_len);
 457
 458 fail:
 459   gcry_free (key);
 460   gcry_free (data);
 461   xfree (passphrase);
 462
 463 #ifdef WITH_AGENT
 464   if (agent)
 465     cleanup_agent (agent);
 466 #endif
 467
 468   if (fd != -1)
 469     close (fd);
 470   return rc;
 471 }