search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix PASSWD and SAVE for symmetric encrypted files.
[pwmd.git] / src / crypto.c
blob387fa818a5e3ba5036a73507dc6730ac79de3d8b
1 #ifdef HAVE_CONFIG_H
2 #include <config.h>
3 #endif
4
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <sys/stat.h>
8 #include <fcntl.h>
9 #include <errno.h>
10
11 #ifdef WITH_LIBACL
12 #include <sys/acl.h>
13 #endif
14
15 #include "pwmd-error.h"
16 #include "common.h"
17 #include "rcfile.h"
18 #include "pinentry.h"
19 #include "crypto.h"
20 #include "cache.h"
21 #include "mem.h"
22 #include "util-misc.h"
23 #include "util-string.h"
24
25 static uint8_t pwmd_magic[5] = { '\177', 'P', 'W', 'M', 'D' };
26
27 void
28 set_header_defaults (file_header_t * hdr)
29 {
30 char *s = config_get_string (NULL, "cipher");
31 int flags = cipher_string_to_cipher (s);
32
33 xfree (s);
34 memset (hdr, 0, sizeof (file_header_t));
35 memcpy (hdr->magic, pwmd_magic, sizeof (hdr->magic));
36 if (flags == -1)
37 log_write (_
38 ("Invalid 'cipher' in configuration file. Using a default of aes256."));
39 hdr->flags = flags == -1 ? PWMD_CIPHER_AES256 : flags;
40 hdr->version = VERSION_HEX;
41
42 #ifdef WITH_AGENT
43 if (use_agent)
44 hdr->flags |= PWMD_FLAG_PKCS;
45 #endif
46 }
47
48 gpg_error_t
49 read_data_header (const char *filename, file_header_t * rhdr,
50 struct stat *rst, int *rfd)
51 {
52 gpg_error_t rc = 0;
53 size_t len;
54 struct stat st;
55 file_header_t hdr;
56 int fd;
57
58 if (lstat (filename, &st) == -1)
59 return gpg_error_from_syserror ();
60
61 if (!S_ISREG (st.st_mode))
62 return GPG_ERR_ENOANO;
63
64 fd = open (filename, O_RDONLY);
65 if (fd == -1)
66 return gpg_error_from_syserror ();
67
68 len = read (fd, &hdr, sizeof (file_header_t));
69 if (len != sizeof (file_header_t))
70 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
71
72 if (!rc && memcmp (hdr.magic, pwmd_magic, sizeof (hdr.magic)))
73 rc = GPG_ERR_BAD_DATA;
74 else if (hdr.version < 0x030000)
75 rc = GPG_ERR_UNKNOWN_VERSION;
76
77 if (rc)
78 close (fd);
79 else
80 {
81 if (rhdr)
82 *rhdr = hdr;
83 if (rst)
84 *rst = st;
85 if (rfd)
86 *rfd = fd;
87 else
88 close (fd);
89 }
90
91 return rc;
92 }
93
94 gpg_error_t
95 read_data_file (const char *filename, struct crypto_s * crypto)
96 {
97 int fd;
98 gpg_error_t rc = 0;
99 size_t len, rlen;
100 char *buf = NULL;
101 struct stat st;
102
103 cleanup_crypto_stage1 (crypto);
104 rc = read_data_header (filename, &crypto->hdr, &st, &fd);
105 if (rc)
106 return rc;
107
108 crypto->ciphertext_len = crypto->hdr.datalen;
109 crypto->ciphertext = xmalloc (crypto->hdr.datalen);
110 if (!crypto->ciphertext)
111 {
112 rc = GPG_ERR_ENOMEM;
113 goto fail;
114 }
115
116 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
117 {
118 rlen = read (fd, crypto->grip, 20);
119 if (rlen != 20)
120 {
121 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
122 goto fail;
123 }
124
125 rlen = read (fd, crypto->sign_grip, 20);
126 if (rlen != 20)
127 {
128 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
129 goto fail;
130 }
131 }
132
133 len = read (fd, crypto->ciphertext, crypto->hdr.datalen);
134 if (len != crypto->hdr.datalen)
135 {
136 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
137 goto fail;
138 }
139
140 if (!(crypto->hdr.flags & PWMD_FLAG_PKCS))
141 goto fail;
142
143 #ifndef WITH_AGENT
144 rc = GPG_ERR_NOT_IMPLEMENTED;
145 goto fail;
146 #else
147 if (!use_agent)
148 return GPG_ERR_NOT_IMPLEMENTED;
149
150 len = st.st_size - sizeof (file_header_t) - crypto->hdr.datalen - 40;
151 buf = xmalloc (len);
152 if (!buf)
153 {
154 rc = GPG_ERR_ENOMEM;
155 goto fail;
156 }
157
158 rlen = read (fd, buf, len);
159 if (rlen != len)
160 {
161 rc = rc == -1 ? gpg_error_from_syserror () : GPG_ERR_BAD_DATA;
162 goto fail;
163 }
164
165 rc = gcry_sexp_new (&crypto->ciphertext_sexp, buf, rlen, 1);
166 if (rc)
167 goto fail;
168
169 if (crypto->pkey_sexp)
170 gcry_sexp_release (crypto->pkey_sexp);
171
172 if (crypto->sigpkey_sexp)
173 gcry_sexp_release (crypto->sigpkey_sexp);
174
175 crypto->pkey_sexp = crypto->sigpkey_sexp = NULL;
176 rc = get_pubkey_bin (crypto, crypto->grip, &crypto->pkey_sexp);
177 if (!rc)
178 rc = get_pubkey_bin (crypto, crypto->sign_grip, &crypto->sigpkey_sexp);
179 #endif
180
181 fail:
182 close (fd);
183 xfree (buf);
184 return rc;
185 }
186
187 #define CRYPTO_BLOCKSIZE(c) (blocksize * 1024)
188
189 /*
190 * Useful for a large amount of data. Rather than doing all of the data in one
191 * iteration do it in chunks. This lets the command be cancelable rather than
192 * waiting for it to complete.
193 */
194 static gpg_error_t
195 iterate_crypto_once (gcry_cipher_hd_t h, unsigned char *inbuf,
196 size_t insize, size_t blocksize, status_msg_t which)
197 {
198 gpg_error_t rc = 0;
199 off_t len = CRYPTO_BLOCKSIZE (blocksize);
200 void *p = gcry_malloc (len);
201 off_t total = 0;
202 unsigned char *inbuf2;
203
204 if (!p)
205 return GPG_ERR_ENOMEM;
206
207 if (insize < CRYPTO_BLOCKSIZE (blocksize))
208 len = insize;
209
210 pthread_cleanup_push (gcry_free, p);
211
212 for (;;)
213 {
214 inbuf2 = inbuf + total;
215 unsigned char *tmp;
216
217 if (len + total > insize)
218 len = blocksize;
219
220 if (which == STATUS_ENCRYPT)
221 rc = gcry_cipher_encrypt (h, p, len, inbuf2, len);
222 else
223 rc = gcry_cipher_decrypt (h, p, len, inbuf2, len);
224
225 if (rc)
226 break;
227
228 tmp = inbuf + total;
229 memmove (tmp, p, len);
230 total += len;
231 if (total >= insize)
232 break;
233
234 #ifdef HAVE_PTHREAD_TESTCANCEL
235 pthread_testcancel ();
236 #endif
237 }
238
239 pthread_cleanup_pop (1);
240 return rc;
241 }
242
243 static void
244 cleanup_cipher (void *arg)
245 {
246 gcry_cipher_close ((gcry_cipher_hd_t) arg);
247 }
248
249 gpg_error_t
250 decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
251 unsigned char *salted_key, size_t skeylen)
252 {
253 gpg_error_t rc = 0;
254 unsigned char *key = salted_key;
255 size_t keylen = skeylen;
256 gcry_cipher_hd_t h = NULL;
257 size_t blocksize, keysize = 0;
258 int algo = cipher_to_gcrypt (crypto->hdr.flags);
259 void *outbuf = NULL;
260 uint64_t n = crypto->hdr.iterations;
261 long progress = 0;
262 #ifdef WITH_AGENT
263 gcry_sexp_t sig_sexp;
264
265 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
266 {
267 rc = agent_extract_key (crypto, &key, &keylen);
268 if (rc)
269 return rc;
270
271 sig_sexp = gcry_sexp_find_token (crypto->ciphertext_sexp, "sig-val", 0);
272 if (!sig_sexp)
273 {
274 gcry_free (key);
275 return GPG_ERR_BAD_DATA;
276 }
277
278 rc = agent_verify (crypto->sigpkey_sexp, sig_sexp, crypto->ciphertext,
279 crypto->ciphertext_len);
280 gcry_sexp_release (sig_sexp);
281 }
282 #endif
283
284 if (!rc)
285 {
286 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
287 if (!rc)
288 {
289 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL,
290 &keysize);
291 if (!rc)
292 {
293 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL,
294 &blocksize);
295 if (!rc)
296 {
297 rc = gcry_cipher_setiv (h, crypto->hdr.iv,
298 sizeof (crypto->hdr.iv));
299 if (!rc)
300 {
301 rc = gcry_cipher_setkey (h, key, keylen);
302 }
303 }
304 }
305 }
306 }
307
308 pthread_cleanup_push (cleanup_cipher, rc ? NULL : h);
309
310 if (!rc)
311 {
312 outbuf = gcry_malloc (crypto->hdr.datalen);
313 if (!outbuf)
314 rc = GPG_ERR_ENOMEM;
315 }
316
317 pthread_cleanup_push (gcry_free, outbuf);
318 #ifdef WITH_AGENT
319 pthread_cleanup_push (gcry_free, key);
320 #endif
321
322 if (!rc)
323 {
324 memcpy (outbuf, crypto->ciphertext, crypto->hdr.datalen);
325 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
326 STATUS_DECRYPT);
327 if (!rc)
328 {
329 key[0] ^= 1;
330 rc = gcry_cipher_setkey (h, key, keylen);
331 }
332 }
333
334 if (!rc)
335 {
336 progress = config_get_long (NULL, "cipher_progress");
337 if (progress == -1)
338 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
339 }
340
341 if (!rc && ctx && crypto->hdr.iterations)
342 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", 0,
343 crypto->hdr.iterations);
344
345 for (n = 0; !rc && n < crypto->hdr.iterations; n++)
346 {
347 if (ctx && !(n % progress))
348 {
349 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
350 crypto->hdr.iterations);
351 if (rc)
352 break;
353 }
354
355 rc = gcry_cipher_setiv (h, crypto->hdr.iv, sizeof (crypto->hdr.iv));
356 if (rc)
357 break;
358
359 rc = iterate_crypto_once (h, outbuf, crypto->hdr.datalen, blocksize,
360 STATUS_DECRYPT);
361 }
362
363 if (!rc && ctx && crypto->hdr.iterations)
364 rc = send_status (ctx, STATUS_DECRYPT, "%llu %llu", n,
365 crypto->hdr.iterations);
366
367 #ifdef WITH_AGENT
368 pthread_cleanup_pop (0);
369 if (crypto->hdr.flags & PWMD_FLAG_PKCS)
370 gcry_free (key);
371 else if (key)
372 key[0] ^= 1;
373 #else
374 key[0] ^= 1;
375 #endif
376 pthread_cleanup_pop (rc ? 1 : 0); /* outbuf */
377 pthread_cleanup_pop (1); /* cipher */
378 if (!rc)
379 {
380 char buf[] = "<?xml ";
381
382 if (memcmp (outbuf, buf, sizeof(buf)-1))
383 {
384 gcry_free (outbuf);
385 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
386 }
387
388 crypto->plaintext = outbuf;
389 crypto->plaintext_len = crypto->hdr.datalen;
390 }
391
392 return rc;
393 }
394
395 gpg_error_t
396 decrypt_xml (struct crypto_s * crypto, const void *data, size_t len)
397 {
398 gcry_cipher_hd_t h = NULL;
399 gpg_error_t rc;
400
401 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
402 if (rc)
403 return rc;
404
405 gcry_free (crypto->plaintext);
406 crypto->plaintext = gcry_malloc (len);
407 if (!crypto->plaintext)
408 {
409 rc = GPG_ERR_ENOMEM;
410 goto done;
411 }
412
413 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
414 if (rc)
415 goto done;
416
417 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
418 if (rc)
419 goto done;
420
421 rc = gcry_cipher_decrypt (h, crypto->plaintext, len, data, len);
422 if (rc || strncmp (crypto->plaintext, "<?xml ", 6))
423 {
424 if (!rc)
425 rc = GPG_ERR_BAD_DATA;
426
427 gcry_free (crypto->plaintext);
428 crypto->plaintext = NULL;
429 }
430
431 crypto->plaintext_len = len;
432
433 done:
434 if (h)
435 gcry_cipher_close (h);
436
437 return rc;
438 }
439
440 gpg_error_t
441 encrypt_xml (assuan_context_t ctx, void *key, size_t keylen,
442 int algo, const void *xml, size_t len, void * *result,
443 size_t *result_len, unsigned char **iv, size_t * iv_len,
444 uint64_t iter)
445 {
446 gpg_error_t rc;
447 gcry_cipher_hd_t h;
448 size_t blocksize, keysize;
449 void *inbuf = NULL;
450 size_t olen = len;
451 uint64_t n = 0;
452 long progress;
453 unsigned char *tmpkey = NULL;
454 int free_iv = *(iv_len) == 0;
455
456 rc = gcry_cipher_open (&h, algo, GCRY_CIPHER_MODE_CBC, 0);
457 if (rc)
458 return rc;
459
460 pthread_cleanup_push (cleanup_cipher, h);
461 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
462 if (!rc)
463 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
464
465 if (!rc && *(iv_len) == 0)
466 {
467 *(iv) = xmalloc (blocksize);
468 if (!*(iv))
469 rc = GPG_ERR_ENOMEM;
470
471 gcry_create_nonce (*(iv), blocksize);
472 }
473
474 pthread_cleanup_push (xfree, *(iv_len) == 0 ? *(iv) : NULL);
475 if (!rc)
476 {
477 *iv_len = blocksize;
478 tmpkey = gcry_malloc (keylen);
479 if (!tmpkey)
480 rc = GPG_ERR_ENOMEM;
481 }
482
483 pthread_cleanup_push (gcry_free, tmpkey);
484
485 if (!rc)
486 {
487 memcpy (tmpkey, key, keylen);
488 tmpkey[0] ^= 1;
489 rc = gcry_cipher_setkey (h, tmpkey, keylen);
490 if (!rc)
491 {
492 if (len % blocksize)
493 len += blocksize - (len % blocksize);
494 }
495 }
496
497 if (!rc)
498 {
499 inbuf = gcry_malloc (len);
500 if (!inbuf)
501 rc = GPG_ERR_ENOMEM;
502 }
503
504 pthread_cleanup_push (gcry_free, inbuf);
505
506 if (!rc)
507 {
508 memset (inbuf, 0, len);
509 memcpy (inbuf, xml, olen);
510 progress = config_get_long (NULL, "cipher_progress");
511 if (progress == -1)
512 progress = strtol (DEFAULT_ITERATION_PROGRESS, NULL, 10);
513
514 if (!rc && ctx && iter)
515 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", 0, iter);
516
517 for (n = 0; !rc && n < iter; n++)
518 {
519 if (ctx && !(n % progress))
520 {
521 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
522 if (rc)
523 break;
524 }
525
526 rc = gcry_cipher_setiv (h, *(iv), blocksize);
527 if (rc)
528 break;
529
530 rc = iterate_crypto_once (h, inbuf, len, blocksize, STATUS_ENCRYPT);
531 }
532 }
533
534 if (!rc && ctx && iter)
535 rc = send_status (ctx, STATUS_ENCRYPT, "%llu %llu", n, iter);
536
537 if (!rc)
538 {
539 /* Do at least one iteration. */
540 rc = gcry_cipher_setiv (h, *(iv), blocksize);
541 if (!rc)
542 {
543 rc = gcry_cipher_setkey (h, key, keylen);
544 if (!rc)
545 rc = iterate_crypto_once (h, inbuf, len, blocksize,
546 STATUS_ENCRYPT);
547 }
548 }
549
550 pthread_cleanup_pop (rc ? 1 : 0); /* inbuf */
551 pthread_cleanup_pop (1); /* tmpkey */
552 pthread_cleanup_pop (rc && free_iv ? 1 : 0); /* iv */
553 pthread_cleanup_pop (1); /* cipher */
554 *result = rc ? NULL : inbuf;
555 *result_len = len;
556 return rc;
557 }
558
559 void
560 cleanup_save (struct save_s *save)
561 {
562 if (!save)
563 return;
564
565 #ifdef WITH_AGENT
566 if (save->pkey)
567 gcry_sexp_release (save->pkey);
568
569 if (save->sigpkey)
570 gcry_sexp_release (save->sigpkey);
571 #endif
572
573 memset (save, 0, sizeof (struct save_s));
574 }
575
576 /* Keep the agent ctx to retain pinentry options which will be freed in
577 * cleanup_cb(). Also keep .pubkey since it may be needed for a SAVE. */
578 void
579 cleanup_crypto_stage1 (struct crypto_s *cr)
580 {
581 if (!cr)
582 return;
583
584 cleanup_save (&cr->save);
585
586 #ifdef WITH_AGENT
587 if (cr->ciphertext_sexp)
588 gcry_sexp_release (cr->ciphertext_sexp);
589
590 cr->ciphertext_sexp = NULL;
591 #endif
592
593 gcry_free (cr->plaintext);
594 xfree (cr->ciphertext);
595 xfree (cr->filename);
596 cr->filename = NULL;
597 cr->ciphertext = NULL;
598 cr->ciphertext_len = 0;
599 cr->plaintext = NULL;
600 cr->plaintext_len = 0;
601 }
602
603 void
604 cleanup_crypto_stage2 (struct crypto_s *cr)
605 {
606 if (!cr)
607 return;
608
609 cleanup_crypto_stage1 (cr);
610 set_header_defaults (&cr->hdr);
611 }
612
613 void
614 cleanup_crypto (struct crypto_s **c)
615 {
616 struct crypto_s *cr = *c;
617
618 if (!cr)
619 return;
620
621 cleanup_crypto_stage2 (cr);
622
623 #ifdef WITH_AGENT
624 if (cr->pkey_sexp)
625 gcry_sexp_release (cr->pkey_sexp);
626
627 if (cr->sigpkey_sexp)
628 gcry_sexp_release (cr->sigpkey_sexp);
629
630 if (cr->agent)
631 cleanup_agent (cr->agent);
632 #endif
633
634 xfree (cr);
635 *c = NULL;
636 }
637
638 gpg_error_t
639 init_client_crypto (struct crypto_s **crypto)
640 {
641 struct crypto_s *new = xcalloc (1, sizeof (struct crypto_s));
642 gpg_error_t rc;
643
644 if (!new)
645 {
646 rc = GPG_ERR_ENOMEM;
647 return rc;
648 }
649
650 #ifdef WITH_AGENT
651 if (use_agent)
652 {
653 rc = agent_init (&new->agent);
654 if (!rc)
655 {
656 rc = send_agent_common_options (new->agent);
657 if (!rc)
658 rc = agent_set_pinentry_options (new->agent);
659 }
660
661 if (rc)
662 {
663 xfree (new);
664 return rc;
665 }
666 }
667 #endif
668
669 set_header_defaults (&new->hdr);
670 *crypto = new;
671 return 0;
672 }
673
674 gpg_error_t
675 export_common (assuan_context_t ctx, struct crypto_s * crypto,
676 int no_passphrase, const void *data, size_t datalen,
677 const char *outfile, const char *keyfile, void **rkey,
678 size_t *rkeylen, int use_cache, int force)
679 {
680 gpg_error_t rc = 0;
681 void *enc_xml = NULL;
682 size_t enc_xml_len = 0;
683 unsigned char *iv = NULL;
684 size_t iv_len = 0;
685 int algo = cipher_to_gcrypt (crypto->save.hdr.flags);
686 void *key = NULL, *salted_key = NULL;
687 size_t keysize, keylen;
688 int cached = 0;
689
690 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
691 if (rc)
692 return rc;
693
694 if (keyfile)
695 {
696 int fd;
697 unsigned char *buf;
698 size_t len;
699 struct stat st;
700
701 if (stat (keyfile, &st) == -1)
702 return gpg_error_from_syserror ();
703
704 buf = gcry_malloc (st.st_size);
705 if (!buf)
706 return GPG_ERR_ENOMEM;
707
708 fd = open (keyfile, O_RDONLY);
709 if (fd == -1)
710 rc = gpg_error_from_syserror ();
711 else
712 {
713 len = read (fd, buf, st.st_size);
714 if (len != st.st_size)
715 rc = GPG_ERR_TOO_SHORT;
716 }
717
718 if (fd != -1)
719 close (fd);
720
721 key = buf;
722 keylen = st.st_size;
723 log_write (_("Using passphrase obtained from file '%s'"), keyfile);
724 }
725 else
726 {
727 if (use_cache)
728 {
729 cache_lock ();
730 cached = cache_iscached (outfile, NULL) == 0;
731 if (cached)
732 {
733 struct cache_data_s *cdata = cache_get_data_filename (outfile);
734
735 salted_key = gcry_malloc (cdata->keylen);
736 if (salted_key)
737 {
738 memcpy (salted_key, cdata->key, cdata->keylen);
739 keysize = cdata->keylen;
740 }
741 else
742 rc = GPG_ERR_ENOMEM;
743 }
744
745 cache_unlock ();
746 }
747
748 if (!rc && !cached)
749 {
750 if (force) // SAVE
751 {
752 struct crypto_s *tmp = NULL;
753 gpg_error_t rc = init_client_crypto (&tmp);
754
755 if (!rc)
756 {
757 rc = read_data_file (outfile, tmp);
758 if (!rc)
759 {
760 rc = decrypt_common (tmp, outfile, (char **)&key, &keylen);
761 if (rc)
762 gcry_free (key);
763 }
764 }
765
766 cleanup_crypto (&tmp);
767 if (rc)
768 return rc;
769 }
770
771 if (!use_cache) // PASSWD
772 {
773 rc = getpin_common (outfile, PINENTRY_SAVE, (char **)&key, &keylen);
774 if (rc)
775 return rc;
776 }
777 else
778 {
779 salted_key = key;
780 keysize = keylen;
781 cached = 1;
782 }
783 }
784 }
785
786 if (!rc && !cached)
787 {
788 salted_key = gcry_malloc (keysize);
789 if (!salted_key)
790 {
791 gcry_free (key);
792 return GPG_ERR_ENOMEM;
793 }
794
795 gcry_create_nonce (crypto->save.hdr.salt, sizeof(crypto->save.hdr.salt));
796 rc = gcry_kdf_derive(key, keylen, GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA1,
797 crypto->save.hdr.salt, 8, DEFAULT_KDFS2K_ITERATIONS,
798 keysize, salted_key);
799 gcry_free (key);
800 }
801
802 if (!rc)
803 rc = encrypt_xml (ctx, salted_key, keysize, algo, data, datalen,
804 &enc_xml, &enc_xml_len, &iv, &iv_len,
805 crypto->save.hdr.iterations);
806
807 if (!rc)
808 {
809 memcpy (crypto->save.hdr.iv, iv, iv_len);
810 xfree (iv);
811 crypto->save.hdr.datalen = enc_xml_len;
812 rc = write_file (crypto, outfile, enc_xml, enc_xml_len, NULL, 0, NULL,
813 NULL);
814 gcry_free (enc_xml);
815 if (!rc)
816 {
817 *rkey = salted_key;
818 *rkeylen = keysize;
819 memcpy (&crypto->hdr, &crypto->save.hdr, sizeof (file_header_t));
820 }
821 }
822
823 if (rc)
824 gcry_free (salted_key);
825
826 return rc;
827 }
828
829 #ifdef WITH_LIBACL
830 static void
831 cleanup_acl (void *arg)
832 {
833 acl_t acl = *(acl_t *) arg;
834
835 if (acl)
836 acl_free (acl);
837 }
838 #endif
839
840 gpg_error_t
841 write_file (struct crypto_s *crypto, const char *filename,
842 void *data, size_t data_len, void *sexp, size_t sexp_len,
843 void *pubkey, void *sigpkey)
844 {
845 char tmp[FILENAME_MAX] = { 0 };
846 mode_t mode = 0;
847 struct stat st;
848 int fd;
849 gpg_error_t rc = 0;
850 size_t len;
851 #ifdef WITH_LIBACL
852 acl_t acl = NULL;
853 #endif
854
855 if (filename)
856 {
857 if (lstat (filename, &st) == 0)
858 {
859 mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
860
861 if (!(mode & S_IWUSR))
862 return GPG_ERR_EACCES;
863 }
864 else if (errno != ENOENT)
865 return gpg_error_from_syserror ();
866
867 snprintf (tmp, sizeof (tmp), "%s.XXXXXX", filename);
868 fd = mkstemp (tmp);
869 if (fd == -1)
870 {
871 rc = gpg_error_from_syserror ();
872 log_write ("%s: %s", tmp, pwmd_strerror (rc));
873 return rc;
874 }
875 }
876 else
877 {
878 // xml_import() or convert_file() from command line.
879 fd = STDOUT_FILENO;
880 }
881
882 pthread_cleanup_push (cleanup_unlink_cb, tmp);
883 crypto->save.hdr.version = VERSION_HEX;
884 len = write (fd, &crypto->save.hdr, sizeof (file_header_t));
885 if (len == sizeof (file_header_t))
886 {
887 if (crypto->save.hdr.flags & PWMD_FLAG_PKCS)
888 {
889 unsigned char grip[20];
890
891 gcry_pk_get_keygrip ((gcry_sexp_t) pubkey, grip);
892 len = write (fd, grip, sizeof (grip));
893 if (len == sizeof (grip))
894 {
895 gcry_pk_get_keygrip ((gcry_sexp_t) sigpkey, grip);
896 len = write (fd, grip, sizeof (grip));
897 if (len == sizeof (grip))
898 {
899 len = write (fd, data, data_len);
900 if (len == data_len)
901 {
902 len = write (fd, sexp, sexp_len);
903 if (len != sexp_len)
904 rc = gpg_error_from_syserror ();
905 }
906 else
907 rc = gpg_error_from_syserror ();
908 }
909 }
910 else
911 rc = gpg_error_from_syserror ();
912 }
913 else
914 {
915 len = write (fd, data, data_len);
916 if (len != data_len)
917 rc = gpg_error_from_syserror ();
918 }
919 }
920 else
921 rc = gpg_error_from_syserror ();
922
923 #ifdef WITH_LIBACL
924 pthread_cleanup_push (cleanup_acl, &acl);
925 #endif
926 if (!rc)
927 {
928 if (fsync (fd) != -1)
929 {
930 if (filename && close (fd) != -1)
931 {
932 #ifdef WITH_LIBACL
933 acl = acl_get_file (filename, ACL_TYPE_ACCESS);
934 if (!acl && errno == ENOENT)
935 acl = acl_get_file (".", ACL_TYPE_DEFAULT);
936 if (!acl)
937 log_write ("ACL: %s: %s", filename,
938 pwmd_strerror (gpg_error_from_syserror ()));
939 #endif
940
941 if (mode && config_get_boolean (filename, "backup"))
942 {
943 char tmp2[FILENAME_MAX];
944
945 snprintf (tmp2, sizeof (tmp2), "%s.backup", filename);
946 if (rename (filename, tmp2) == -1)
947 rc = gpg_error_from_syserror ();
948 }
949 }
950 else if (filename)
951 rc = gpg_error_from_syserror ();
952 }
953 else
954 rc = gpg_error_from_syserror ();
955 }
956
957 if (!rc)
958 {
959 if (filename && rename (tmp, filename) != -1)
960 {
961 tmp[0] = 0;
962 if (filename && mode)
963 chmod (filename, mode);
964
965 #ifdef WITH_LIBACL
966 if (acl && acl_set_file (filename, ACL_TYPE_ACCESS, acl))
967 log_write ("ACL: %s: %s", filename,
968 pwmd_strerror (gpg_error_from_syserror ()));
969 #endif
970 }
971 else
972 rc = gpg_error_from_syserror ();
973 }
974
975 #ifdef WITH_LIBACL
976 pthread_cleanup_pop (1);
977 #endif
978 pthread_cleanup_pop (rc ? 1 : 0); // unlink
979 return rc;
980 }
981
982 gpg_error_t
983 change_passwd (const char *filename, struct crypto_s **rcrypto)
984 {
985 unsigned char *key = NULL;
986 size_t keylen = 0;
987 struct crypto_s *crypto = NULL;
988 gpg_error_t rc = init_client_crypto (&crypto);
989
990 if (rc)
991 return rc;
992
993 rc = read_data_file (filename, crypto);
994 if (rc)
995 {
996 cleanup_crypto (&crypto);
997 return rc;
998 }
999
1000 rc = decrypt_common (crypto, filename, (char **)&key, &keylen);
1001 gcry_free (key);
1002 key = NULL;
1003 if (rc)
1004 {
1005 cleanup_crypto (&crypto);
1006 return rc;
1007 }
1008
1009 if (!rc)
1010 {
1011 memcpy (&crypto->save.hdr, &crypto->hdr, sizeof (file_header_t));
1012 rc = export_common (NULL, crypto, 0, crypto->plaintext,
1013 crypto->plaintext_len, crypto->filename, NULL,
1014 (void **)&key, &keylen, 0, 0);
1015 }
1016
1017 if (!rc)
1018 {
1019 int cached;
1020
1021 rc = save_common (filename, crypto, crypto->plaintext,
1022 crypto->plaintext_len, key, keylen, &cached, 1);
1023 if (!rc)
1024 *rcrypto = crypto;
1025 }
1026
1027 if (rc)
1028 {
1029 gcry_free (key);
1030 cleanup_crypto (&crypto);
1031 }
1032
1033 return rc;
1034 }
1035
1036 // FIXME gcry_sexp_t is updated in cdata. make a temp var in case of failure.
1037 gpg_error_t
1038 save_common (const char *filename, struct crypto_s *crypto,
1039 const unsigned char *data, size_t datalen,
1040 const unsigned char *key, size_t keylen, int *cached, int no_agent)
1041 {
1042 struct cache_data_s *cdata;
1043 gpg_error_t rc;
1044
1045 /* This is safe since it is a fast operation. */
1046 cache_lock ();
1047 pthread_cleanup_push (cleanup_cache_mutex, NULL);
1048 cdata = cache_get_data_filename (filename);
1049 *cached = cdata != NULL;
1050
1051 if (!cdata)
1052 cdata = xcalloc (1, sizeof (struct cache_data_s));
1053
1054 #ifdef WITH_AGENT
1055 if (use_agent && !no_agent)
1056 {
1057 /* Update in case of any --keygrip argument */
1058 if (cdata->pubkey)
1059 gcry_sexp_release (cdata->pubkey);
1060
1061 gcry_sexp_build ((gcry_sexp_t *) & cdata->pubkey, NULL, "%S",
1062 crypto->pkey_sexp);
1063
1064 if (cdata->sigkey)
1065 gcry_sexp_release (cdata->sigkey);
1066
1067 gcry_sexp_build ((gcry_sexp_t *) & cdata->sigkey, NULL, "%S",
1068 crypto->sigpkey_sexp);
1069 }
1070 #endif
1071
1072 gcry_free (cdata->doc);
1073 cdata->doc = NULL;
1074 cdata->key = (unsigned char *)key;
1075 cdata->keylen = keylen;
1076 rc = encrypt_xml (NULL, cache_key, cache_keysize, GCRY_CIPHER_AES, data,
1077 datalen, &cdata->doc, &cdata->doclen, &cache_iv,
1078 &cache_blocksize, 0);
1079 if (!rc)
1080 {
1081 unsigned char md5file[16];
1082
1083 gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
1084 rc = cache_set_data (md5file, cdata, crypto->grip);
1085 }
1086
1087 pthread_cleanup_pop (1); // mutex unlock
1088 return rc;
1089 }
1090
1091 gpg_error_t
1092 getpin_common (const char *filename, int which, char **rkey,
1093 size_t *rkeylen)
1094 {
1095 gpg_error_t rc;
1096 struct pinentry_s *pin = pinentry_init (filename);
1097
1098 rc = pinentry_getpin (pin, rkey, which);
1099 pinentry_deinit (pin);
1100 if (rc)
1101 return rc;
1102
1103 *rkeylen = strlen (*rkey);
1104 if (!(*rkeylen))
1105 (*rkeylen)++;
1106
1107 return rc;
1108 }
1109
1110 gpg_error_t
1111 decrypt_common (struct crypto_s *crypto, const char *filename, char **rkey,
1112 size_t *rkeylen)
1113 {
1114 char *key = NULL;
1115 size_t keylen = 0;
1116 gpg_error_t rc = read_data_file (filename, crypto);
1117
1118 if (rc)
1119 {
1120 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1121 return rc;
1122 }
1123
1124 key = config_get_string (filename, "passphrase");
1125 if (key)
1126 {
1127 log_write (_("Trying the passphrase specified in config ..."));
1128 keylen = strlen (key);
1129 }
1130
1131 if (!key)
1132 {
1133 key = config_get_string (filename, "passphrase_file");
1134 if (key)
1135 {
1136 int fd = open ((char *) key, O_RDONLY);
1137 struct stat st;
1138
1139 log_write (_("Trying the passphrase using file '%s' ..."), key);
1140 if (fd == -1)
1141 {
1142 log_write ("%s: %s", key,
1143 pwmd_strerror (gpg_error_from_syserror ()));
1144 xfree (key);
1145 return rc;
1146 }
1147
1148 stat (key, &st);
1149 xfree (key);
1150 key = xmalloc (st.st_size);
1151 if (key)
1152 {
1153 if (read (fd, key, st.st_size) != st.st_size)
1154 {
1155 log_write ("short read() count");
1156 rc = GPG_ERR_TOO_SHORT;
1157 }
1158 }
1159 else
1160 rc = GPG_ERR_ENOMEM;
1161
1162 close (fd);
1163
1164 if (rc)
1165 {
1166 log_write ("%s", pwmd_strerror (rc));
1167 xfree (key);
1168 return rc;
1169 }
1170
1171 keylen = st.st_size;
1172 }
1173 }
1174
1175 if (!key && !IS_PKCS (crypto))
1176 {
1177 struct pinentry_s *pin = pinentry_init (filename);
1178 unsigned char *salted_key;
1179 size_t keysize;
1180 int algo = cipher_to_gcrypt (crypto->hdr.flags);
1181
1182 rc = pinentry_getpin (pin, &key, PINENTRY_OPEN);
1183 pinentry_deinit (pin);
1184 if (rc)
1185 {
1186 log_write ("%s", pwmd_strerror (rc));
1187 return rc;
1188 }
1189
1190 keylen = strlen (key);
1191 if (!keylen)
1192 keylen++;
1193
1194 rc = gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &keysize);
1195 if (rc)
1196 {
1197 xfree (key);
1198 return rc;
1199 }
1200
1201 salted_key = xmalloc (keysize);
1202 if (!salted_key)
1203 {
1204 xfree (key);
1205 return GPG_ERR_ENOMEM;
1206 }
1207
1208 rc = gcry_kdf_derive(key, keylen, GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA1,
1209 crypto->hdr.salt, 8, DEFAULT_KDFS2K_ITERATIONS,
1210 keysize, salted_key);
1211 xfree (key);
1212 key = (char *)salted_key;
1213 keylen = keysize;
1214 if (rc)
1215 {
1216 xfree (salted_key);
1217 return rc;
1218 }
1219 }
1220 #ifdef WITH_AGENT
1221 else if (key && IS_PKCS (crypto))
1222 {
1223 rc = set_agent_passphrase (crypto, key, keylen);
1224 if (rc)
1225 {
1226 xfree (key);
1227 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1228 return rc;
1229 }
1230 }
1231 #endif
1232
1233 xfree (crypto->filename);
1234 crypto->filename = str_dup (filename);
1235 rc = decrypt_data (NULL, crypto, (unsigned char *)key, keylen);
1236 if (rc)
1237 {
1238 log_write ("ERR %i: %s", rc, pwmd_strerror (rc));
1239 xfree (key);
1240 }
1241 else
1242 {
1243 *rkey = key;
1244 *rkeylen = keylen;
1245 }
1246
1247 return rc;
1248 }
A server for managing passphrases and anything else.