search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import/export of pkcs#12 now uses the gpg-agent directly.
[gnupg.git] / g10 / passphrase.c
blob8b952f72a5c8ac93bb5338a381a1dffa913a6962
1 /* passphrase.c - Get a passphrase
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3 * 2005, 2006, 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stddef.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <assert.h>
28 #include <errno.h>
29 #ifdef HAVE_LOCALE_H
30 #include <locale.h>
31 #endif
32 #ifdef HAVE_LANGINFO_CODESET
33 #include <langinfo.h>
34 #endif
35
36 #include "gpg.h"
37 #include "util.h"
38 #include "options.h"
39 #include "ttyio.h"
40 #include "cipher.h"
41 #include "keydb.h"
42 #include "main.h"
43 #include "i18n.h"
44 #include "status.h"
45 #include "call-agent.h"
46
47
48 static char *fd_passwd = NULL;
49 static char *next_pw = NULL;
50 static char *last_pw = NULL;
51
52
53 /* Hash a passphrase using the supplied s2k. If create is true, create
54 a new salt or what else must be filled into the s2k for a new key.
55 always needs: dek->algo, s2k->mode, s2k->hash_algo. */
56 static void
57 hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
58 {
59 gcry_md_hd_t md;
60 int pass, i;
61 int used = 0;
62 int pwlen = strlen(pw);
63
64 assert ( s2k->hash_algo );
65 dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
66 if ( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
67 BUG();
68
69 if (gcry_md_open (&md, s2k->hash_algo, 1))
70 BUG ();
71 for (pass=0; used < dek->keylen ; pass++ )
72 {
73 if ( pass )
74 {
75 gcry_md_reset (md);
76 for (i=0; i < pass; i++ ) /* Preset the hash context. */
77 gcry_md_putc (md, 0 );
78 }
79
80 if ( s2k->mode == 1 || s2k->mode == 3 )
81 {
82 int len2 = pwlen + 8;
83 ulong count = len2;
84
85 if ( create && !pass )
86 {
87 gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
88 if ( s2k->mode == 3 )
89 s2k->count = opt.s2k_count;
90 }
91
92 if ( s2k->mode == 3 )
93 {
94 count = S2K_DECODE_COUNT(s2k->count);
95 if ( count < len2 )
96 count = len2;
97 }
98
99 /* A little bit complicated because we need a ulong for count. */
100 while ( count > len2 ) /* maybe iterated+salted */
101 {
102 gcry_md_write ( md, s2k->salt, 8 );
103 gcry_md_write ( md, pw, pwlen );
104 count -= len2;
105 }
106 if ( count < 8 )
107 gcry_md_write ( md, s2k->salt, count );
108 else
109 {
110 gcry_md_write ( md, s2k->salt, 8 );
111 count -= 8;
112 gcry_md_write ( md, pw, count );
113 }
114 }
115 else
116 gcry_md_write ( md, pw, pwlen );
117 gcry_md_final( md );
118
119 i = gcry_md_get_algo_dlen ( s2k->hash_algo );
120 if ( i > dek->keylen - used )
121 i = dek->keylen - used;
122
123 memcpy (dek->key+used, gcry_md_read (md, s2k->hash_algo), i);
124 used += i;
125 }
126 gcry_md_close(md);
127 }
128
129
130
131 int
132 have_static_passphrase()
133 {
134 return !!fd_passwd && opt.batch;
135 }
136
137 /****************
138 * Set the passphrase to be used for the next query and only for the next
139 * one.
140 */
141 void
142 set_next_passphrase( const char *s )
143 {
144 xfree(next_pw);
145 next_pw = NULL;
146 if ( s )
147 {
148 next_pw = xmalloc_secure( strlen(s)+1 );
149 strcpy (next_pw, s );
150 }
151 }
152
153 /****************
154 * Get the last passphrase used in passphrase_to_dek.
155 * Note: This removes the passphrase from this modules and
156 * the caller must free the result. May return NULL:
157 */
158 char *
159 get_last_passphrase()
160 {
161 char *p = last_pw;
162 last_pw = NULL;
163 return p;
164 }
165
166 /* As if we had used the passphrase - make it the last_pw. */
167 void
168 next_to_last_passphrase(void)
169 {
170 if (next_pw)
171 {
172 last_pw=next_pw;
173 next_pw=NULL;
174 }
175 }
176
177 /* Here's an interesting question: since this passphrase was passed in
178 on the command line, is there really any point in using secure
179 memory for it? I'm going with 'yes', since it doesn't hurt, and
180 might help in some small way (swapping). */
181
182 void
183 set_passphrase_from_string(const char *pass)
184 {
185 xfree (fd_passwd);
186 fd_passwd = xmalloc_secure(strlen(pass)+1);
187 strcpy (fd_passwd, pass);
188 }
189
190
191 void
192 read_passphrase_from_fd( int fd )
193 {
194 int i, len;
195 char *pw;
196
197 if ( !opt.batch )
198 { /* Not used but we have to do a dummy read, so that it won't end
199 up at the begin of the message if the quite usual trick to
200 prepend the passphtrase to the message is used. */
201 char buf[1];
202
203 while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
204 ;
205 *buf = 0;
206 return;
207 }
208
209 for (pw = NULL, i = len = 100; ; i++ )
210 {
211 if (i >= len-1 )
212 {
213 char *pw2 = pw;
214 len += 100;
215 pw = xmalloc_secure( len );
216 if( pw2 )
217 {
218 memcpy(pw, pw2, i );
219 xfree (pw2);
220 }
221 else
222 i=0;
223 }
224 if (read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
225 break;
226 }
227 pw[i] = 0;
228 if (!opt.batch)
229 tty_printf("\b\b\b \n" );
230
231 xfree ( fd_passwd );
232 fd_passwd = pw;
233 }
234
235
236 /*
237 * Ask the GPG Agent for the passphrase.
238 * Mode 0: Allow cached passphrase
239 * 1: No cached passphrase FIXME: Not really implemented
240 *
241 * Note that TRYAGAIN_TEXT must not be translated. If CANCELED is not
242 * NULL, the function does set it to 1 if the user canceled the
243 * operation. If CACHEID is not NULL, it will be used as the cacheID
244 * for the gpg-agent; if is NULL and a key fingerprint can be
245 * computed, this will be used as the cacheid.
246 */
247 static char *
248 passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
249 const char *tryagain_text,
250 const char *custom_description,
251 const char *custom_prompt, int *canceled)
252 {
253 int rc;
254 char *atext = NULL;
255 char *pw = NULL;
256 PKT_public_key *pk = xmalloc_clear( sizeof *pk );
257 byte fpr[MAX_FINGERPRINT_LEN];
258 int have_fpr = 0;
259 char *orig_codeset;
260 char *my_prompt;
261 char hexfprbuf[20*2+1];
262 const char *my_cacheid;
263
264 if (canceled)
265 *canceled = 0;
266
267 #if MAX_FINGERPRINT_LEN < 20
268 #error agent needs a 20 byte fingerprint
269 #endif
270
271 memset (fpr, 0, MAX_FINGERPRINT_LEN );
272 if( keyid && get_pubkey( pk, keyid ) )
273 {
274 if (pk)
275 free_public_key( pk );
276 pk = NULL; /* oops: no key for some reason */
277 }
278
279 orig_codeset = i18n_switchto_utf8 ();
280
281 if (custom_description)
282 atext = native_to_utf8 (custom_description);
283 else if ( !mode && pk && keyid )
284 {
285 char *uid;
286 size_t uidlen;
287 const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
288 const char *timestr;
289 char *maink;
290
291 if ( !algo_name )
292 algo_name = "?";
293
294 #define KEYIDSTRING _(" (main key ID %s)")
295
296 maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
297 if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
298 && keyid[1] != keyid[3] )
299 sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
300 else
301 *maink = 0;
302
303 uid = get_user_id ( keyid, &uidlen );
304 timestr = strtimestamp (pk->timestamp);
305
306 #undef KEYIDSTRING
307
308 #define PROMPTSTRING _("Please enter the passphrase to unlock the" \
309 " secret key for the OpenPGP certificate:\n" \
310 "\"%.*s\"\n" \
311 "%u-bit %s key, ID %s,\n" \
312 "created %s%s.\n" )
313
314 atext = xmalloc ( 100 + strlen (PROMPTSTRING)
315 + uidlen + 15 + strlen(algo_name) + keystrlen()
316 + strlen (timestr) + strlen (maink) );
317 sprintf (atext, PROMPTSTRING,
318 (int)uidlen, uid,
319 nbits_from_pk (pk), algo_name, keystr(&keyid[0]), timestr,
320 maink );
321 xfree (uid);
322 xfree (maink);
323
324 #undef PROMPTSTRING
325
326 {
327 size_t dummy;
328 fingerprint_from_pk( pk, fpr, &dummy );
329 have_fpr = 1;
330 }
331
332 }
333 else
334 atext = xstrdup ( _("Enter passphrase\n") );
335
336
337 if (!mode && cacheid)
338 my_cacheid = cacheid;
339 else if (!mode && have_fpr)
340 my_cacheid = bin2hex (fpr, 20, hexfprbuf);
341 else
342 my_cacheid = NULL;
343
344 if (tryagain_text)
345 tryagain_text = _(tryagain_text);
346
347 my_prompt = custom_prompt ? native_to_utf8 (custom_prompt): NULL;
348
349 rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
350 repeat, &pw);
351
352 xfree (my_prompt);
353 xfree (atext); atext = NULL;
354
355 i18n_switchback (orig_codeset);
356
357
358 if (!rc)
359 ;
360 else if ( gpg_err_code (rc) == GPG_ERR_CANCELED )
361 {
362 log_info (_("cancelled by user\n") );
363 if (canceled)
364 *canceled = 1;
365 }
366 else
367 {
368 log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
369 /* Due to limitations in the API of the upper layers they
370 consider an error as no passphrase entered. This works in
371 most cases but not during key creation where this should
372 definitely not happen and let it continue without requiring a
373 passphrase. Given that now all the upper layers handle a
374 cancel correctly, we simply set the cancel flag now for all
375 errors from the agent. */
376 if (canceled)
377 *canceled = 1;
378
379 write_status_error ("get_passphrase", rc);
380 }
381
382 if (pk)
383 free_public_key( pk );
384 if (rc)
385 {
386 xfree (pw);
387 return NULL;
388 }
389 return pw;
390 }
391
392
393 /*
394 * Clear the cached passphrase. If CACHEID is not NULL, it will be
395 * used instead of a cache ID derived from KEYID.
396 */
397 void
398 passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
399 {
400 int rc;
401
402 (void)algo;
403
404 if (!cacheid)
405 {
406 PKT_public_key *pk;
407 # if MAX_FINGERPRINT_LEN < 20
408 # error agent needs a 20 byte fingerprint
409 # endif
410 byte fpr[MAX_FINGERPRINT_LEN];
411 char hexfprbuf[2*20+1];
412 size_t dummy;
413
414 pk = xcalloc (1, sizeof *pk);
415 if ( !keyid || get_pubkey( pk, keyid ) )
416 {
417 log_error ("key not found in passphrase_clear_cache\n");
418 free_public_key (pk);
419 return;
420 }
421 memset (fpr, 0, MAX_FINGERPRINT_LEN );
422 fingerprint_from_pk ( pk, fpr, &dummy );
423 bin2hex (fpr, 20, hexfprbuf);
424 rc = agent_clear_passphrase (hexfprbuf);
425 free_public_key ( pk );
426 }
427 else
428 rc = agent_clear_passphrase (cacheid);
429
430 if (rc)
431 log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
432 }
433
434
435 /****************
436 * Ask for a passphrase and return that string.
437 */
438 char *
439 ask_passphrase (const char *description,
440 const char *tryagain_text,
441 const char *promptid,
442 const char *prompt,
443 const char *cacheid, int *canceled)
444 {
445 char *pw = NULL;
446
447 (void)promptid;
448
449 if (canceled)
450 *canceled = 0;
451
452 if (!opt.batch && description)
453 {
454 if (strchr (description, '%'))
455 {
456 char *tmp = percent_plus_unescape (description, 0xff);
457 if (!tmp)
458 log_fatal(_("out of core\n"));
459 tty_printf ("\n%s\n", tmp);
460 xfree (tmp);
461 }
462 else
463 tty_printf ("\n%s\n",description);
464 }
465
466 if (have_static_passphrase ())
467 {
468 pw = xmalloc_secure (strlen(fd_passwd)+1);
469 strcpy (pw, fd_passwd);
470 }
471 else
472 pw = passphrase_get (NULL, 0, cacheid, 0,
473 tryagain_text, description, prompt,
474 canceled );
475
476 if (!pw || !*pw)
477 write_status( STATUS_MISSING_PASSPHRASE );
478
479 return pw;
480 }
481
482
483 /* Return a new DEK object Using the string-to-key sepcifier S2K. Use
484 KEYID and PUBKEY_ALGO to prompt the user. Returns NULL is the user
485 selected to cancel the passphrase entry and if CANCELED is not
486 NULL, sets it to true.
487
488 MODE 0: Allow cached passphrase
489 1: Ignore cached passphrase
490 2: Ditto, but change the text to "repeat entry"
491 */
492 DEK *
493 passphrase_to_dek (u32 *keyid, int pubkey_algo,
494 int cipher_algo, STRING2KEY *s2k, int mode,
495 const char *tryagain_text, int *canceled)
496 {
497 char *pw = NULL;
498 DEK *dek;
499 STRING2KEY help_s2k;
500 int dummy_canceled;
501
502 if (!canceled)
503 canceled = &dummy_canceled;
504 *canceled = 0;
505
506 if ( !s2k )
507 {
508 /* This is used for the old rfc1991 mode
509 * Note: This must match the code in encode.c with opt.rfc1991 set */
510 s2k = &help_s2k;
511 s2k->mode = 0;
512 s2k->hash_algo = S2K_DIGEST_ALGO;
513 }
514
515 /* If we do not have a passphrase available in NEXT_PW and status
516 information are request, we print them now. */
517 if ( !next_pw && is_status_enabled() )
518 {
519 char buf[50];
520
521 if ( keyid )
522 {
523 u32 used_kid[2];
524 char *us;
525
526 if ( keyid[2] && keyid[3] )
527 {
528 used_kid[0] = keyid[2];
529 used_kid[1] = keyid[3];
530 }
531 else
532 {
533 used_kid[0] = keyid[0];
534 used_kid[1] = keyid[1];
535 }
536
537 us = get_long_user_id_string ( keyid );
538 write_status_text ( STATUS_USERID_HINT, us );
539 xfree(us);
540
541 snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
542 (ulong)keyid[0], (ulong)keyid[1],
543 (ulong)used_kid[0], (ulong)used_kid[1],
544 pubkey_algo );
545
546 write_status_text ( STATUS_NEED_PASSPHRASE, buf );
547 }
548 else
549 {
550 snprintf (buf, sizeof buf -1, "%d %d %d",
551 cipher_algo, s2k->mode, s2k->hash_algo );
552 write_status_text ( STATUS_NEED_PASSPHRASE_SYM, buf );
553 }
554 }
555
556 /* If we do have a keyID, we do not have a passphrase available in
557 NEXT_PW, we are not running in batch mode and we do not want to
558 ignore the passphrase cache (mode!=1), print a prompt with
559 information on that key. */
560 if ( keyid && !opt.batch && !next_pw && mode!=1 )
561 {
562 PKT_public_key *pk = xmalloc_clear( sizeof *pk );
563 char *p;
564
565 p = get_user_id_native(keyid);
566 tty_printf ("\n");
567 tty_printf (_("You need a passphrase to unlock the secret key for\n"
568 "user: \"%s\"\n"),p);
569 xfree(p);
570
571 if ( !get_pubkey( pk, keyid ) )
572 {
573 const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
574
575 tty_printf (_("%u-bit %s key, ID %s, created %s"),
576 nbits_from_pk( pk ), s?s:"?", keystr(keyid),
577 strtimestamp(pk->timestamp) );
578 if ( keyid[2] && keyid[3]
579 && keyid[0] != keyid[2] && keyid[1] != keyid[3] )
580 {
581 if ( keystrlen () > 10 )
582 {
583 tty_printf ("\n");
584 tty_printf (_(" (subkey on main key ID %s)"),
585 keystr(&keyid[2]) );
586 }
587 else
588 tty_printf ( _(" (main key ID %s)"), keystr(&keyid[2]) );
589 }
590 tty_printf("\n");
591 }
592
593 tty_printf("\n");
594 if (pk)
595 free_public_key( pk );
596 }
597
598 if ( next_pw )
599 {
600 /* Simply return the passphrase we already have in NEXT_PW. */
601 pw = next_pw;
602 next_pw = NULL;
603 }
604 else if ( have_static_passphrase () )
605 {
606 /* Return the passphrase we have stored in FD_PASSWD. */
607 pw = xmalloc_secure ( strlen(fd_passwd)+1 );
608 strcpy ( pw, fd_passwd );
609 }
610 else
611 {
612 /* Divert to the gpg-agent. */
613 pw = passphrase_get ( keyid, mode == 2, NULL,
614 mode == 2? opt.passwd_repeat: 0,
615 tryagain_text, NULL, NULL, canceled );
616 if (*canceled)
617 {
618 xfree (pw);
619 write_status( STATUS_MISSING_PASSPHRASE );
620 return NULL;
621 }
622 }
623
624 if ( !pw || !*pw )
625 write_status( STATUS_MISSING_PASSPHRASE );
626
627 /* Hash the passphrase and store it in a newly allocated DEK object.
628 Keep a copy of the passphrase in LAST_PW for use by
629 get_last_passphrase(). */
630 dek = xmalloc_secure_clear ( sizeof *dek );
631 dek->algo = cipher_algo;
632 if ( !*pw && mode == 2 )
633 dek->keylen = 0;
634 else
635 hash_passphrase( dek, pw, s2k, mode==2 );
636 xfree(last_pw);
637 last_pw = pw;
638 return dek;
639 }
gnupg svn clone