author | ulf69 <ulf69> | 2004-11-07 02:10:50 (UTC) |
---|---|---|
committer | ulf69 <ulf69> | 2004-11-07 02:10:50 (UTC) |
commit | 31c3fc0e0673b9403fb4ef4a9836305d1d49ff83 (patch) (unidiff) | |
tree | f5a44f4402294d6fd61e204489cdd776acb804aa | |
parent | 2b6072e39edbc8c9ab36e1e835b252a799db97a1 (diff) | |
download | kdepimpi-31c3fc0e0673b9403fb4ef4a9836305d1d49ff83.zip kdepimpi-31c3fc0e0673b9403fb4ef4a9836305d1d49ff83.tar.gz kdepimpi-31c3fc0e0673b9403fb4ef4a9836305d1d49ff83.tar.bz2 |
Fixed nasty PwM/Pi file reading bug, when
the used hash algo of file is different then the global
hash algo.
CVS ----------------------------------------------------------------------
-rw-r--r-- | pwmanager/pwmanager/libgcryptif.cpp | 25 | ||||
-rw-r--r-- | pwmanager/pwmanager/libgcryptif.h | 12 | ||||
-rw-r--r-- | pwmanager/pwmanager/pwmdoc.cpp | 20 | ||||
-rw-r--r-- | pwmanager/pwmanager/pwmdoc.h | 8 |
4 files changed, 46 insertions, 19 deletions
diff --git a/pwmanager/pwmanager/libgcryptif.cpp b/pwmanager/pwmanager/libgcryptif.cpp index ff94bf6..15f6cef 100644 --- a/pwmanager/pwmanager/libgcryptif.cpp +++ b/pwmanager/pwmanager/libgcryptif.cpp | |||
@@ -1,454 +1,463 @@ | |||
1 | /*************************************************************************** | 1 | /*************************************************************************** |
2 | * * | 2 | * * |
3 | * copyright (C) 2004 by Michael Buesch * | 3 | * copyright (C) 2004 by Michael Buesch * |
4 | * email: mbuesch@freenet.de * | 4 | * email: mbuesch@freenet.de * |
5 | * * | 5 | * * |
6 | * hashPassphrase() is derived from GnuPG and is * | 6 | * hashPassphrase() is derived from GnuPG and is * |
7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * | 7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * |
8 | * Free Software Foundation, Inc. * | 8 | * Free Software Foundation, Inc. * |
9 | * * | 9 | * * |
10 | * This program is free software; you can redistribute it and/or modify * | 10 | * This program is free software; you can redistribute it and/or modify * |
11 | * it under the terms of the GNU General Public License version 2 * | 11 | * it under the terms of the GNU General Public License version 2 * |
12 | * as published by the Free Software Foundation. * | 12 | * as published by the Free Software Foundation. * |
13 | * * | 13 | * * |
14 | ***************************************************************************/ | 14 | ***************************************************************************/ |
15 | 15 | ||
16 | /*************************************************************************** | 16 | /*************************************************************************** |
17 | * copyright (C) 2004 by Ulf Schenk | 17 | * copyright (C) 2004 by Ulf Schenk |
18 | * This file is originaly based on version 1.1 of pwmanager | 18 | * This file is originaly based on version 1.1 of pwmanager |
19 | * and was modified to run on embedded devices that run microkde | 19 | * and was modified to run on embedded devices that run microkde |
20 | * | 20 | * |
21 | * $Id$ | 21 | * $Id$ |
22 | **************************************************************************/ | 22 | **************************************************************************/ |
23 | 23 | ||
24 | #include "libgcryptif.h" | 24 | #include "libgcryptif.h" |
25 | 25 | ||
26 | #ifdef CONFIG_PWMANAGER_GCRY | 26 | #ifdef CONFIG_PWMANAGER_GCRY |
27 | 27 | ||
28 | #include "pwmdoc.h" | 28 | #include "pwmdoc.h" |
29 | #include "randomizer.h" | 29 | #include "randomizer.h" |
30 | 30 | ||
31 | #include <gcrypt.h> | 31 | #include <gcrypt.h> |
32 | 32 | ||
33 | #ifdef PWM_EMBEDDED | 33 | #ifdef PWM_EMBEDDED |
34 | #include <pwmprefs.h> | 34 | #include <pwmprefs.h> |
35 | #endif | 35 | #endif |
36 | 36 | ||
37 | 37 | ||
38 | PwMerror LibGCryptIf::encrypt(unsigned char **outBuf, | 38 | PwMerror LibGCryptIf::encrypt(unsigned char **outBuf, |
39 | size_t *outBufLen, | 39 | size_t *outBufLen, |
40 | unsigned char *inBuf, | 40 | unsigned char *inBuf, |
41 | size_t inBufLen, | 41 | size_t inBufLen, |
42 | const unsigned char *key, | 42 | const unsigned char *key, |
43 | size_t keylen, | 43 | size_t keylen, |
44 | char _algo) | 44 | char _algo, |
45 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
46 | ) | ||
45 | { | 47 | { |
46 | PwMerror ret = e_success; | 48 | PwMerror ret = e_success; |
47 | gcry_error_t err; | 49 | gcry_error_t err; |
48 | gcry_cipher_hd_t handle; | 50 | gcry_cipher_hd_t handle; |
49 | size_t blklen; | 51 | size_t blklen; |
50 | size_t unpaddedLen = inBufLen; | 52 | size_t unpaddedLen = inBufLen; |
51 | size_t cipherKeylen; | 53 | size_t cipherKeylen; |
52 | unsigned char *hashedKey; | 54 | unsigned char *hashedKey; |
53 | unsigned char salt[STRING2KEY_SALTLEN]; | 55 | unsigned char salt[STRING2KEY_SALTLEN]; |
54 | int algo = mapCipherId(_algo); | 56 | int algo = mapCipherId(_algo); |
55 | 57 | ||
56 | if (!inBufLen || !keylen) | 58 | if (!inBufLen || !keylen) |
57 | return e_invalidArg; | 59 | return e_invalidArg; |
58 | 60 | ||
59 | // test if algo is ready for encryption | 61 | // test if algo is ready for encryption |
60 | err = gcry_cipher_algo_info(algo, | 62 | err = gcry_cipher_algo_info(algo, |
61 | GCRYCTL_TEST_ALGO, | 63 | GCRYCTL_TEST_ALGO, |
62 | 0, 0); | 64 | 0, 0); |
63 | if (err != GPG_ERR_NO_ERROR) { | 65 | if (err != GPG_ERR_NO_ERROR) { |
64 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ") | 66 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ") |
65 | + gcry_strerror(err)); | 67 | + gcry_strerror(err)); |
66 | ret = e_cryptNotImpl; | 68 | ret = e_cryptNotImpl; |
67 | goto out; | 69 | goto out; |
68 | } | 70 | } |
69 | // get the algo block length | 71 | // get the algo block length |
70 | err = gcry_cipher_algo_info(algo, | 72 | err = gcry_cipher_algo_info(algo, |
71 | GCRYCTL_GET_BLKLEN, | 73 | GCRYCTL_GET_BLKLEN, |
72 | 0, | 74 | 0, |
73 | &blklen); | 75 | &blklen); |
74 | if (err != GPG_ERR_NO_ERROR) { | 76 | if (err != GPG_ERR_NO_ERROR) { |
75 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ") | 77 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ") |
76 | + gcry_strerror(err)); | 78 | + gcry_strerror(err)); |
77 | ret = e_cryptNotImpl; | 79 | ret = e_cryptNotImpl; |
78 | goto out; | 80 | goto out; |
79 | } | 81 | } |
80 | /* double check if we have enough space. | 82 | /* double check if we have enough space. |
81 | * We have only 1024 extra bytes for padding and salt. | 83 | * We have only 1024 extra bytes for padding and salt. |
82 | */ | 84 | */ |
83 | BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN); | 85 | BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN); |
84 | // get the algo key length | 86 | // get the algo key length |
85 | err = gcry_cipher_algo_info(algo, | 87 | err = gcry_cipher_algo_info(algo, |
86 | GCRYCTL_GET_KEYLEN, | 88 | GCRYCTL_GET_KEYLEN, |
87 | 0, | 89 | 0, |
88 | &cipherKeylen); | 90 | &cipherKeylen); |
89 | if (err != GPG_ERR_NO_ERROR) { | 91 | if (err != GPG_ERR_NO_ERROR) { |
90 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ") | 92 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ") |
91 | + gcry_strerror(err)); | 93 | + gcry_strerror(err)); |
92 | ret = e_cryptNotImpl; | 94 | ret = e_cryptNotImpl; |
93 | goto out; | 95 | goto out; |
94 | } | 96 | } |
95 | // now open the algo and get a handle | 97 | // now open the algo and get a handle |
96 | err = gcry_cipher_open(&handle, | 98 | err = gcry_cipher_open(&handle, |
97 | algo, | 99 | algo, |
98 | GCRY_CIPHER_MODE_CBC, | 100 | GCRY_CIPHER_MODE_CBC, |
99 | 0); | 101 | 0); |
100 | if (err != GPG_ERR_NO_ERROR) { | 102 | if (err != GPG_ERR_NO_ERROR) { |
101 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ") | 103 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ") |
102 | + gcry_strerror(err)); | 104 | + gcry_strerror(err)); |
103 | ret = e_cryptNotImpl; | 105 | ret = e_cryptNotImpl; |
104 | goto out; | 106 | goto out; |
105 | } | 107 | } |
106 | // hash the "key" to a fixed size hash matching "cipherKeylen" | 108 | // hash the "key" to a fixed size hash matching "cipherKeylen" |
107 | hashedKey = new unsigned char[cipherKeylen]; | 109 | hashedKey = new unsigned char[cipherKeylen]; |
108 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true); | 110 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true, _hashalgo); |
109 | // so now set the hashed key | 111 | // so now set the hashed key |
110 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); | 112 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); |
111 | if (err != GPG_ERR_NO_ERROR) { | 113 | if (err != GPG_ERR_NO_ERROR) { |
112 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ") | 114 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ") |
113 | + gcry_strerror(err)); | 115 | + gcry_strerror(err)); |
114 | ret = e_cryptNotImpl; | 116 | ret = e_cryptNotImpl; |
115 | delete [] hashedKey; | 117 | delete [] hashedKey; |
116 | goto out_close; | 118 | goto out_close; |
117 | } | 119 | } |
118 | delete [] hashedKey; | 120 | delete [] hashedKey; |
119 | /* allocate a buffer for the encrypted data. | 121 | /* allocate a buffer for the encrypted data. |
120 | * The size of the buffer is the inBuf length, but blklen | 122 | * The size of the buffer is the inBuf length, but blklen |
121 | * aligned and plus the length of the salt, that is appended. | 123 | * aligned and plus the length of the salt, that is appended. |
122 | */ | 124 | */ |
123 | *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN; | 125 | *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN; |
124 | *outBuf = new unsigned char[*outBufLen]; | 126 | *outBuf = new unsigned char[*outBufLen]; |
125 | padData(inBuf, unpaddedLen, blklen); | 127 | padData(inBuf, unpaddedLen, blklen); |
126 | // encrypt the padded data | 128 | // encrypt the padded data |
127 | err = gcry_cipher_encrypt(handle, | 129 | err = gcry_cipher_encrypt(handle, |
128 | *outBuf, | 130 | *outBuf, |
129 | *outBufLen - STRING2KEY_SALTLEN, | 131 | *outBufLen - STRING2KEY_SALTLEN, |
130 | inBuf, | 132 | inBuf, |
131 | *outBufLen - STRING2KEY_SALTLEN); | 133 | *outBufLen - STRING2KEY_SALTLEN); |
132 | if (err != GPG_ERR_NO_ERROR) { | 134 | if (err != GPG_ERR_NO_ERROR) { |
133 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") | 135 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") |
134 | + gcry_strerror(err)); | 136 | + gcry_strerror(err)); |
135 | ret = e_cryptNotImpl; | 137 | ret = e_cryptNotImpl; |
136 | goto out_delete; | 138 | goto out_delete; |
137 | } | 139 | } |
138 | // append the salt to the encrypted data | 140 | // append the salt to the encrypted data |
139 | memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN); | 141 | memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN); |
140 | goto out_close; | 142 | goto out_close; |
141 | out_delete: | 143 | out_delete: |
142 | delete [] *outBuf; | 144 | delete [] *outBuf; |
143 | out_close: | 145 | out_close: |
144 | gcry_cipher_close(handle); | 146 | gcry_cipher_close(handle); |
145 | out: | 147 | out: |
146 | return ret; | 148 | return ret; |
147 | } | 149 | } |
148 | 150 | ||
149 | PwMerror LibGCryptIf::decrypt(unsigned char **outBuf, | 151 | PwMerror LibGCryptIf::decrypt(unsigned char **outBuf, |
150 | size_t *outBufLen, | 152 | size_t *outBufLen, |
151 | const unsigned char *inBuf, | 153 | const unsigned char *inBuf, |
152 | size_t inBufLen, | 154 | size_t inBufLen, |
153 | const unsigned char *key, | 155 | const unsigned char *key, |
154 | size_t keylen, | 156 | size_t keylen, |
155 | char _algo) | 157 | char _algo, |
158 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
159 | ) | ||
156 | { | 160 | { |
157 | PwMerror ret = e_success; | 161 | PwMerror ret = e_success; |
158 | gcry_error_t err; | 162 | gcry_error_t err; |
159 | gcry_cipher_hd_t handle; | 163 | gcry_cipher_hd_t handle; |
160 | size_t cipherKeylen; | 164 | size_t cipherKeylen; |
161 | unsigned char *hashedKey; | 165 | unsigned char *hashedKey; |
162 | unsigned char salt[STRING2KEY_SALTLEN]; | 166 | unsigned char salt[STRING2KEY_SALTLEN]; |
163 | int algo = mapCipherId(_algo); | 167 | int algo = mapCipherId(_algo); |
164 | 168 | ||
165 | if (!inBufLen || !keylen) | 169 | if (!inBufLen || !keylen) |
166 | return e_invalidArg; | 170 | return e_invalidArg; |
167 | 171 | ||
168 | // test if algo is ready for encryption | 172 | // test if algo is ready for encryption |
169 | err = gcry_cipher_algo_info(algo, | 173 | err = gcry_cipher_algo_info(algo, |
170 | GCRYCTL_TEST_ALGO, | 174 | GCRYCTL_TEST_ALGO, |
171 | 0, 0); | 175 | 0, 0); |
172 | if (err != GPG_ERR_NO_ERROR) { | 176 | if (err != GPG_ERR_NO_ERROR) { |
173 | printDebug(string("LibGCryptIf::doDecrypt(): GCRYCTL_TEST_ALGO failed: ") | 177 | printDebug(string("LibGCryptIf::doDecrypt(): GCRYCTL_TEST_ALGO failed: ") |
174 | + gcry_strerror(err)); | 178 | + gcry_strerror(err)); |
175 | ret = e_cryptNotImpl; | 179 | ret = e_cryptNotImpl; |
176 | goto out; | 180 | goto out; |
177 | } | 181 | } |
178 | // get algo key length | 182 | // get algo key length |
179 | err = gcry_cipher_algo_info(algo, | 183 | err = gcry_cipher_algo_info(algo, |
180 | GCRYCTL_GET_KEYLEN, | 184 | GCRYCTL_GET_KEYLEN, |
181 | 0, | 185 | 0, |
182 | &cipherKeylen); | 186 | &cipherKeylen); |
183 | if (err != GPG_ERR_NO_ERROR) { | 187 | if (err != GPG_ERR_NO_ERROR) { |
184 | printDebug(string("LibGCryptIf::doDecrypt(): GCRYCTL_GET_KEYLEN failed: ") | 188 | printDebug(string("LibGCryptIf::doDecrypt(): GCRYCTL_GET_KEYLEN failed: ") |
185 | + gcry_strerror(err)); | 189 | + gcry_strerror(err)); |
186 | ret = e_cryptNotImpl; | 190 | ret = e_cryptNotImpl; |
187 | goto out; | 191 | goto out; |
188 | } | 192 | } |
189 | // extract the salt of the encrypted data buffer | 193 | // extract the salt of the encrypted data buffer |
190 | memcpy(salt, inBuf + inBufLen - STRING2KEY_SALTLEN, STRING2KEY_SALTLEN); | 194 | memcpy(salt, inBuf + inBufLen - STRING2KEY_SALTLEN, STRING2KEY_SALTLEN); |
191 | // open the algo and get a handle | 195 | // open the algo and get a handle |
192 | err = gcry_cipher_open(&handle, | 196 | err = gcry_cipher_open(&handle, |
193 | algo, | 197 | algo, |
194 | GCRY_CIPHER_MODE_CBC, | 198 | GCRY_CIPHER_MODE_CBC, |
195 | 0); | 199 | 0); |
196 | if (err != GPG_ERR_NO_ERROR) { | 200 | if (err != GPG_ERR_NO_ERROR) { |
197 | printDebug(string("LibGCryptIf::doDecrypt(): gcry_cipher_open() failed: ") | 201 | printDebug(string("LibGCryptIf::doDecrypt(): gcry_cipher_open() failed: ") |
198 | + gcry_strerror(err)); | 202 | + gcry_strerror(err)); |
199 | ret = e_cryptNotImpl; | 203 | ret = e_cryptNotImpl; |
200 | goto out; | 204 | goto out; |
201 | } | 205 | } |
202 | // hash the "key" to a fixed size hash matching "cipherKeylen" | 206 | // hash the "key" to a fixed size hash matching "cipherKeylen" |
203 | hashedKey = new unsigned char[cipherKeylen]; | 207 | hashedKey = new unsigned char[cipherKeylen]; |
204 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, false); | 208 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, false, _hashalgo); |
205 | // so now set the hashed key | 209 | // so now set the hashed key |
206 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); | 210 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); |
207 | if (err != GPG_ERR_NO_ERROR) { | 211 | if (err != GPG_ERR_NO_ERROR) { |
208 | printDebug(string("LibGCryptIf::doDecrypt(): gcry_cipher_setkey() failed: ") | 212 | printDebug(string("LibGCryptIf::doDecrypt(): gcry_cipher_setkey() failed: ") |
209 | + gcry_strerror(err)); | 213 | + gcry_strerror(err)); |
210 | ret = e_cryptNotImpl; | 214 | ret = e_cryptNotImpl; |
211 | delete [] hashedKey; | 215 | delete [] hashedKey; |
212 | goto out_close; | 216 | goto out_close; |
213 | } | 217 | } |
214 | delete [] hashedKey; | 218 | delete [] hashedKey; |
215 | *outBufLen = inBufLen - STRING2KEY_SALTLEN; | 219 | *outBufLen = inBufLen - STRING2KEY_SALTLEN; |
216 | *outBuf = new unsigned char[*outBufLen]; | 220 | *outBuf = new unsigned char[*outBufLen]; |
217 | // decrypt the data | 221 | // decrypt the data |
218 | err = gcry_cipher_decrypt(handle, | 222 | err = gcry_cipher_decrypt(handle, |
219 | *outBuf, | 223 | *outBuf, |
220 | *outBufLen, | 224 | *outBufLen, |
221 | inBuf, | 225 | inBuf, |
222 | *outBufLen); | 226 | *outBufLen); |
223 | if (err != GPG_ERR_NO_ERROR) { | 227 | if (err != GPG_ERR_NO_ERROR) { |
224 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") | 228 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") |
225 | + gcry_strerror(err)); | 229 | + gcry_strerror(err)); |
226 | ret = e_cryptNotImpl; | 230 | ret = e_cryptNotImpl; |
227 | goto out_delete; | 231 | goto out_delete; |
228 | } | 232 | } |
229 | // remove all random padding | 233 | // remove all random padding |
230 | unpadData(*outBuf, outBufLen); | 234 | unpadData(*outBuf, outBufLen); |
231 | goto out_close; | 235 | goto out_close; |
232 | out_delete: | 236 | out_delete: |
233 | delete [] *outBuf; | 237 | delete [] *outBuf; |
234 | out_close: | 238 | out_close: |
235 | gcry_cipher_close(handle); | 239 | gcry_cipher_close(handle); |
236 | out: | 240 | out: |
237 | return ret; | 241 | return ret; |
238 | } | 242 | } |
239 | 243 | ||
240 | PwMerror LibGCryptIf::hash(unsigned char **outBuf, | 244 | PwMerror LibGCryptIf::hash(unsigned char **outBuf, |
241 | size_t *outBufLen, | 245 | size_t *outBufLen, |
242 | const unsigned char *inBuf, | 246 | const unsigned char *inBuf, |
243 | size_t inBufLen, | 247 | size_t inBufLen, |
244 | char _algo) | 248 | char _algo) |
245 | { | 249 | { |
246 | PwMerror ret = e_success; | 250 | PwMerror ret = e_success; |
247 | unsigned int hashLen; | 251 | unsigned int hashLen; |
248 | int algo = mapHashId(_algo); | 252 | int algo = mapHashId(_algo); |
249 | 253 | ||
250 | hashLen = gcry_md_get_algo_dlen(algo); | 254 | hashLen = gcry_md_get_algo_dlen(algo); |
251 | *outBufLen = hashLen; | 255 | *outBufLen = hashLen; |
252 | *outBuf = new unsigned char[*outBufLen]; | 256 | *outBuf = new unsigned char[*outBufLen]; |
253 | gcry_md_hash_buffer(algo, | 257 | gcry_md_hash_buffer(algo, |
254 | *outBuf, | 258 | *outBuf, |
255 | inBuf, | 259 | inBuf, |
256 | inBufLen); | 260 | inBufLen); |
257 | return ret; | 261 | return ret; |
258 | } | 262 | } |
259 | 263 | ||
260 | unsigned int LibGCryptIf::hashLength(char _algo) | 264 | unsigned int LibGCryptIf::hashLength(char _algo) |
261 | { | 265 | { |
262 | unsigned int ret; | 266 | unsigned int ret; |
263 | int algo = mapHashId(_algo); | 267 | int algo = mapHashId(_algo); |
264 | ret = gcry_md_get_algo_dlen(algo); | 268 | ret = gcry_md_get_algo_dlen(algo); |
265 | return ret; | 269 | return ret; |
266 | } | 270 | } |
267 | 271 | ||
268 | int LibGCryptIf::mapCipherId(char algo) | 272 | int LibGCryptIf::mapCipherId(char algo) |
269 | { | 273 | { |
270 | switch (algo) { | 274 | switch (algo) { |
271 | case PWM_CRYPT_AES128: | 275 | case PWM_CRYPT_AES128: |
272 | return GCRY_CIPHER_AES; | 276 | return GCRY_CIPHER_AES; |
273 | case PWM_CRYPT_AES192: | 277 | case PWM_CRYPT_AES192: |
274 | return GCRY_CIPHER_AES192; | 278 | return GCRY_CIPHER_AES192; |
275 | case PWM_CRYPT_AES256: | 279 | case PWM_CRYPT_AES256: |
276 | return GCRY_CIPHER_AES256; | 280 | return GCRY_CIPHER_AES256; |
277 | case PWM_CRYPT_3DES: | 281 | case PWM_CRYPT_3DES: |
278 | return GCRY_CIPHER_3DES; | 282 | return GCRY_CIPHER_3DES; |
279 | case PWM_CRYPT_TWOFISH: | 283 | case PWM_CRYPT_TWOFISH: |
280 | return GCRY_CIPHER_TWOFISH; | 284 | return GCRY_CIPHER_TWOFISH; |
281 | case PWM_CRYPT_TWOFISH128: | 285 | case PWM_CRYPT_TWOFISH128: |
282 | return GCRY_CIPHER_TWOFISH128; | 286 | return GCRY_CIPHER_TWOFISH128; |
283 | default: | 287 | default: |
284 | BUG(); | 288 | BUG(); |
285 | } | 289 | } |
286 | return GCRY_CIPHER_NONE; | 290 | return GCRY_CIPHER_NONE; |
287 | } | 291 | } |
288 | 292 | ||
289 | int LibGCryptIf::mapHashId(char algo) | 293 | int LibGCryptIf::mapHashId(char algo) |
290 | { | 294 | { |
291 | switch (algo) { | 295 | switch (algo) { |
292 | case PWM_HASH_SHA1: | 296 | case PWM_HASH_SHA1: |
293 | return GCRY_MD_SHA1; | 297 | return GCRY_MD_SHA1; |
294 | case PWM_HASH_SHA256: | 298 | case PWM_HASH_SHA256: |
295 | return GCRY_MD_SHA256; | 299 | return GCRY_MD_SHA256; |
296 | case PWM_HASH_SHA384: | 300 | case PWM_HASH_SHA384: |
297 | return GCRY_MD_SHA384; | 301 | return GCRY_MD_SHA384; |
298 | case PWM_HASH_SHA512: | 302 | case PWM_HASH_SHA512: |
299 | return GCRY_MD_SHA512; | 303 | return GCRY_MD_SHA512; |
300 | case PWM_HASH_MD5: | 304 | case PWM_HASH_MD5: |
301 | return GCRY_MD_MD5; | 305 | return GCRY_MD_MD5; |
302 | case PWM_HASH_RMD160: | 306 | case PWM_HASH_RMD160: |
303 | return GCRY_MD_RMD160; | 307 | return GCRY_MD_RMD160; |
304 | case PWM_HASH_TIGER: | 308 | case PWM_HASH_TIGER: |
305 | return GCRY_MD_TIGER; | 309 | return GCRY_MD_TIGER; |
306 | default: | 310 | default: |
307 | BUG(); | 311 | BUG(); |
308 | } | 312 | } |
309 | return GCRY_MD_NONE; | 313 | return GCRY_MD_NONE; |
310 | } | 314 | } |
311 | 315 | ||
312 | bool LibGCryptIf::hashPassphrase(const unsigned char *pw, | 316 | bool LibGCryptIf::hashPassphrase(const unsigned char *pw, |
313 | size_t pwlen, | 317 | size_t pwlen, |
314 | unsigned char *salt, | 318 | unsigned char *salt, |
315 | unsigned char *key, | 319 | unsigned char *key, |
316 | size_t keylen, | 320 | size_t keylen, |
317 | bool create) | 321 | bool create, |
322 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
323 | ) | ||
318 | { | 324 | { |
319 | DEK dek; | 325 | DEK dek; |
320 | STRING2KEY s2k; | 326 | STRING2KEY s2k; |
321 | bool ret; | 327 | bool ret; |
322 | 328 | ||
323 | dek.keylen = keylen; | 329 | dek.keylen = keylen; |
324 | s2k.mode = 1; | 330 | s2k.mode = 1; |
325 | s2k.hash_algo = mapHashId(conf()->confGlobHashAlgo()); | 331 | //US bug: do not use the global hash algo here. Use the passed ago instead. The hashalgo stored in the file can |
332 | // be different from the one in the configuration. | ||
333 | s2k.hash_algo = mapHashId(_hashalgo //conf()->confGlobHashAlgo() | ||
334 | ); | ||
326 | s2k.count = 0; | 335 | s2k.count = 0; |
327 | if (!create) | 336 | if (!create) |
328 | memcpy(s2k.salt, salt, STRING2KEY_SALTLEN); | 337 | memcpy(s2k.salt, salt, STRING2KEY_SALTLEN); |
329 | ret = doHashPassphrase(&dek, | 338 | ret = doHashPassphrase(&dek, |
330 | pw, | 339 | pw, |
331 | pwlen, | 340 | pwlen, |
332 | &s2k, | 341 | &s2k, |
333 | create); | 342 | create); |
334 | if (!ret) | 343 | if (!ret) |
335 | goto out; | 344 | goto out; |
336 | memcpy(key, dek.key, dek.keylen); | 345 | memcpy(key, dek.key, dek.keylen); |
337 | if (create) | 346 | if (create) |
338 | memcpy(salt, s2k.salt, STRING2KEY_SALTLEN); | 347 | memcpy(salt, s2k.salt, STRING2KEY_SALTLEN); |
339 | out: | 348 | out: |
340 | return ret; | 349 | return ret; |
341 | } | 350 | } |
342 | 351 | ||
343 | 352 | ||
344 | bool LibGCryptIf::doHashPassphrase(DEK *dek, | 353 | bool LibGCryptIf::doHashPassphrase(DEK *dek, |
345 | const unsigned char *pw, | 354 | const unsigned char *pw, |
346 | size_t pwlen, | 355 | size_t pwlen, |
347 | STRING2KEY *s2k, | 356 | STRING2KEY *s2k, |
348 | bool create) | 357 | bool create) |
349 | { | 358 | { |
350 | // This function is derived from GnuPG-1.2.5-rc2 | 359 | // This function is derived from GnuPG-1.2.5-rc2 |
351 | gcry_md_hd_t md; | 360 | gcry_md_hd_t md; |
352 | gcry_error_t err; | 361 | gcry_error_t err; |
353 | bool ret = true; | 362 | bool ret = true; |
354 | size_t pass, i; | 363 | size_t pass, i; |
355 | size_t used = 0; | 364 | size_t used = 0; |
356 | 365 | ||
357 | PWM_ASSERT(s2k->hash_algo); | 366 | PWM_ASSERT(s2k->hash_algo); |
358 | BUG_ON(!(dek->keylen > 0 && dek->keylen <= array_size(dek->key))); | 367 | BUG_ON(!(dek->keylen > 0 && dek->keylen <= array_size(dek->key))); |
359 | 368 | ||
360 | err = gcry_md_open(&md, s2k->hash_algo, 0); | 369 | err = gcry_md_open(&md, s2k->hash_algo, 0); |
361 | if (err != GPG_ERR_NO_ERROR) { | 370 | if (err != GPG_ERR_NO_ERROR) { |
362 | ret = false; | 371 | ret = false; |
363 | goto out; | 372 | goto out; |
364 | } | 373 | } |
365 | for (pass = 0; used < dek->keylen; pass++) { | 374 | for (pass = 0; used < dek->keylen; pass++) { |
366 | if (pass) { | 375 | if (pass) { |
367 | gcry_md_reset(md); | 376 | gcry_md_reset(md); |
368 | for (i = 0; i < pass; i++) // preset the hash context | 377 | for (i = 0; i < pass; i++) // preset the hash context |
369 | gcry_md_putc(md, 0); | 378 | gcry_md_putc(md, 0); |
370 | } | 379 | } |
371 | if (s2k->mode == 1 || s2k->mode == 3) { | 380 | if (s2k->mode == 1 || s2k->mode == 3) { |
372 | size_t len2 = pwlen + 8; | 381 | size_t len2 = pwlen + 8; |
373 | size_t count = len2; | 382 | size_t count = len2; |
374 | 383 | ||
375 | if (create && !pass) { | 384 | if (create && !pass) { |
376 | Randomizer *rnd = Randomizer::obj(); | 385 | Randomizer *rnd = Randomizer::obj(); |
377 | const unsigned int salt_len = 8; | 386 | const unsigned int salt_len = 8; |
378 | string rndBuf(rnd->genRndBuf(salt_len)); | 387 | string rndBuf(rnd->genRndBuf(salt_len)); |
379 | memcpy(s2k->salt, rndBuf.c_str(), salt_len); | 388 | memcpy(s2k->salt, rndBuf.c_str(), salt_len); |
380 | if (s2k->mode == 3) | 389 | if (s2k->mode == 3) |
381 | s2k->count = 96; // 65536 iterations | 390 | s2k->count = 96; // 65536 iterations |
382 | } | 391 | } |
383 | if (s2k->mode == 3) { | 392 | if (s2k->mode == 3) { |
384 | count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); | 393 | count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); |
385 | if (count < len2) | 394 | if (count < len2) |
386 | count = len2; | 395 | count = len2; |
387 | } | 396 | } |
388 | // a little bit complicated because we need a ulong for count | 397 | // a little bit complicated because we need a ulong for count |
389 | while (count > len2) { // maybe iterated+salted | 398 | while (count > len2) { // maybe iterated+salted |
390 | gcry_md_write(md, s2k->salt, 8); | 399 | gcry_md_write(md, s2k->salt, 8); |
391 | gcry_md_write(md, pw, pwlen); | 400 | gcry_md_write(md, pw, pwlen); |
392 | count -= len2; | 401 | count -= len2; |
393 | } | 402 | } |
394 | if (count < 8) { | 403 | if (count < 8) { |
395 | gcry_md_write(md, s2k->salt, count); | 404 | gcry_md_write(md, s2k->salt, count); |
396 | } else { | 405 | } else { |
397 | gcry_md_write(md, s2k->salt, 8); | 406 | gcry_md_write(md, s2k->salt, 8); |
398 | count -= 8; | 407 | count -= 8; |
399 | gcry_md_write(md, pw, count); | 408 | gcry_md_write(md, pw, count); |
400 | } | 409 | } |
401 | } else | 410 | } else |
402 | gcry_md_write(md, pw, pwlen); | 411 | gcry_md_write(md, pw, pwlen); |
403 | gcry_md_final(md); | 412 | gcry_md_final(md); |
404 | i = gcry_md_get_algo_dlen(s2k->hash_algo); | 413 | i = gcry_md_get_algo_dlen(s2k->hash_algo); |
405 | if (i > dek->keylen - used) | 414 | if (i > dek->keylen - used) |
406 | i = dek->keylen - used; | 415 | i = dek->keylen - used; |
407 | memcpy(dek->key+used, gcry_md_read(md, s2k->hash_algo), i); | 416 | memcpy(dek->key+used, gcry_md_read(md, s2k->hash_algo), i); |
408 | used += i; | 417 | used += i; |
409 | } | 418 | } |
410 | gcry_md_close(md); | 419 | gcry_md_close(md); |
411 | out: | 420 | out: |
412 | return ret; | 421 | return ret; |
413 | } | 422 | } |
414 | 423 | ||
415 | void LibGCryptIf::padData(unsigned char *buf, | 424 | void LibGCryptIf::padData(unsigned char *buf, |
416 | size_t bufLen, | 425 | size_t bufLen, |
417 | size_t boundary) | 426 | size_t boundary) |
418 | { | 427 | { |
419 | size_t numPadBytes = boundary - ((bufLen + 1) % boundary); | 428 | size_t numPadBytes = boundary - ((bufLen + 1) % boundary); |
420 | buf[bufLen] = static_cast<char>(0x01); | 429 | buf[bufLen] = static_cast<char>(0x01); |
421 | size_t i = 0; | 430 | size_t i = 0; |
422 | Randomizer *rnd = Randomizer::obj(); | 431 | Randomizer *rnd = Randomizer::obj(); |
423 | char c; | 432 | char c; |
424 | unsigned char *b; | 433 | unsigned char *b; |
425 | while (i < numPadBytes) { | 434 | while (i < numPadBytes) { |
426 | c = rnd->genRndChar(); | 435 | c = rnd->genRndChar(); |
427 | if (c == static_cast<char>(0x01)) | 436 | if (c == static_cast<char>(0x01)) |
428 | continue; | 437 | continue; |
429 | b = buf + bufLen + 1 + i; | 438 | b = buf + bufLen + 1 + i; |
430 | *b = c; | 439 | *b = c; |
431 | ++i; | 440 | ++i; |
432 | } | 441 | } |
433 | } | 442 | } |
434 | 443 | ||
435 | void LibGCryptIf::unpadData(const unsigned char *buf, | 444 | void LibGCryptIf::unpadData(const unsigned char *buf, |
436 | size_t *bufLen) | 445 | size_t *bufLen) |
437 | { | 446 | { |
438 | size_t pos; | 447 | size_t pos; |
439 | BUG_ON(*bufLen % 8); | 448 | BUG_ON(*bufLen % 8); |
440 | pos = *bufLen - 1; | 449 | pos = *bufLen - 1; |
441 | while (buf[pos] != static_cast<char>(0x01)) { | 450 | while (buf[pos] != static_cast<char>(0x01)) { |
442 | qDebug("pos %d %d %d", pos, buf[pos], static_cast<char>(0x01) ); | 451 | //qDebug("pos %d %d %d", pos, buf[pos], static_cast<char>(0x01) ); |
443 | BUG_ON(!pos); | 452 | BUG_ON(!pos); |
444 | //LR BUG we should terminte the loop if p == 0 | 453 | //LR BUG we should terminte the loop if p == 0 |
445 | if ( pos == 0 ) | 454 | if ( pos == 0 ) |
446 | break; | 455 | break; |
447 | --pos; | 456 | --pos; |
448 | } | 457 | } |
449 | *bufLen = pos; | 458 | *bufLen = pos; |
450 | qDebug("ente "); | 459 | //qDebug("ente "); |
451 | } | 460 | } |
452 | 461 | ||
453 | #endif // CONFIG_PWMANAGER_GCRY | 462 | #endif // CONFIG_PWMANAGER_GCRY |
454 | 463 | ||
diff --git a/pwmanager/pwmanager/libgcryptif.h b/pwmanager/pwmanager/libgcryptif.h index 1a7b658..9a987a2 100644 --- a/pwmanager/pwmanager/libgcryptif.h +++ b/pwmanager/pwmanager/libgcryptif.h | |||
@@ -1,171 +1,177 @@ | |||
1 | /*************************************************************************** | 1 | /*************************************************************************** |
2 | * * | 2 | * * |
3 | * copyright (C) 2004 by Michael Buesch * | 3 | * copyright (C) 2004 by Michael Buesch * |
4 | * email: mbuesch@freenet.de * | 4 | * email: mbuesch@freenet.de * |
5 | * * | 5 | * * |
6 | * hashPassphrase() is derived from GnuPG and is * | 6 | * hashPassphrase() is derived from GnuPG and is * |
7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * | 7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * |
8 | * Free Software Foundation, Inc. * | 8 | * Free Software Foundation, Inc. * |
9 | * * | 9 | * * |
10 | * This program is free software; you can redistribute it and/or modify * | 10 | * This program is free software; you can redistribute it and/or modify * |
11 | * it under the terms of the GNU General Public License version 2 * | 11 | * it under the terms of the GNU General Public License version 2 * |
12 | * as published by the Free Software Foundation. * | 12 | * as published by the Free Software Foundation. * |
13 | * * | 13 | * * |
14 | ***************************************************************************/ | 14 | ***************************************************************************/ |
15 | 15 | ||
16 | /*************************************************************************** | 16 | /*************************************************************************** |
17 | * copyright (C) 2004 by Ulf Schenk | 17 | * copyright (C) 2004 by Ulf Schenk |
18 | * This file is originaly based on version 1.1 of pwmanager | 18 | * This file is originaly based on version 1.1 of pwmanager |
19 | * and was modified to run on embedded devices that run microkde | 19 | * and was modified to run on embedded devices that run microkde |
20 | * | 20 | * |
21 | * $Id$ | 21 | * $Id$ |
22 | **************************************************************************/ | 22 | **************************************************************************/ |
23 | 23 | ||
24 | #ifndef __LIBGCRYPTIF_H | 24 | #ifndef __LIBGCRYPTIF_H |
25 | #define __LIBGCRYPTIF_H | 25 | #define __LIBGCRYPTIF_H |
26 | 26 | ||
27 | #include "pwmexception.h" | 27 | #include "pwmexception.h" |
28 | 28 | ||
29 | //#undef CONFIG_PWMANAGER_GCRY // for debugging only. | 29 | //#undef CONFIG_PWMANAGER_GCRY // for debugging only. |
30 | #ifdef CONFIG_PWMANAGER_GCRY | 30 | #ifdef CONFIG_PWMANAGER_GCRY |
31 | 31 | ||
32 | #include <stddef.h> | 32 | #include <stddef.h> |
33 | #include <sys/types.h> | 33 | #include <sys/types.h> |
34 | #ifndef _WIN32_ | 34 | #ifndef _WIN32_ |
35 | #include <stdint.h> | 35 | #include <stdint.h> |
36 | #else | 36 | #else |
37 | #define uint8_t Q_UINT8 | 37 | #define uint8_t Q_UINT8 |
38 | #define byte Q_UINT8 | 38 | #define byte Q_UINT8 |
39 | #define uint32_t Q_UINT32 | 39 | #define uint32_t Q_UINT32 |
40 | #endif | 40 | #endif |
41 | #define STRING2KEY_SALTLEN8 | 41 | #define STRING2KEY_SALTLEN8 |
42 | 42 | ||
43 | /** interface class for the libgcrypt cipher and hash algorithms | 43 | /** interface class for the libgcrypt cipher and hash algorithms |
44 | * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding) | 44 | * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding) |
45 | */ | 45 | */ |
46 | class LibGCryptIf | 46 | class LibGCryptIf |
47 | { | 47 | { |
48 | protected: | 48 | protected: |
49 | struct STRING2KEY | 49 | struct STRING2KEY |
50 | { | 50 | { |
51 | int mode; | 51 | int mode; |
52 | int hash_algo; | 52 | int hash_algo; |
53 | uint8_t salt[STRING2KEY_SALTLEN]; | 53 | uint8_t salt[STRING2KEY_SALTLEN]; |
54 | uint32_t count; | 54 | uint32_t count; |
55 | }; | 55 | }; |
56 | struct DEK | 56 | struct DEK |
57 | { | 57 | { |
58 | size_t keylen; | 58 | size_t keylen; |
59 | uint8_t key[32]; // this is the largest used keylen (256 bit) | 59 | uint8_t key[32]; // this is the largest used keylen (256 bit) |
60 | }; | 60 | }; |
61 | 61 | ||
62 | public: | 62 | public: |
63 | LibGCryptIf() { } | 63 | LibGCryptIf() { } |
64 | /** is libgcrypt available? */ | 64 | /** is libgcrypt available? */ |
65 | static bool available() | 65 | static bool available() |
66 | { return true; } | 66 | { return true; } |
67 | /** encrypt data. _algo is the PWM_CRYPT_* ID | 67 | /** encrypt data. _algo is the PWM_CRYPT_* ID |
68 | * of the algorithm. | 68 | * of the algorithm. |
69 | */ | 69 | */ |
70 | PwMerror encrypt(unsigned char **outBuf, | 70 | PwMerror encrypt(unsigned char **outBuf, |
71 | size_t *outBufLen, | 71 | size_t *outBufLen, |
72 | unsigned char *inBuf, | 72 | unsigned char *inBuf, |
73 | size_t inBufLen, | 73 | size_t inBufLen, |
74 | const unsigned char *key, | 74 | const unsigned char *key, |
75 | size_t keylen, | 75 | size_t keylen, |
76 | char _algo); | 76 | char _algo, |
77 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
78 | ); | ||
77 | /** decrypt data. _algo is the PWM_CRYPT_* ID | 79 | /** decrypt data. _algo is the PWM_CRYPT_* ID |
78 | * of the algorithm. | 80 | * of the algorithm. |
79 | */ | 81 | */ |
80 | PwMerror decrypt(unsigned char **outBuf, | 82 | PwMerror decrypt(unsigned char **outBuf, |
81 | size_t *outBufLen, | 83 | size_t *outBufLen, |
82 | const unsigned char *inBuf, | 84 | const unsigned char *inBuf, |
83 | size_t inBufLen, | 85 | size_t inBufLen, |
84 | const unsigned char *key, | 86 | const unsigned char *key, |
85 | size_t keylen, | 87 | size_t keylen, |
86 | char _algo); | 88 | char _algo, |
89 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
90 | ); | ||
87 | /** hash data. _algo is the PWM_HASH_* ID of the hash */ | 91 | /** hash data. _algo is the PWM_HASH_* ID of the hash */ |
88 | PwMerror hash(unsigned char **outBuf, | 92 | PwMerror hash(unsigned char **outBuf, |
89 | size_t *outBufLen, | 93 | size_t *outBufLen, |
90 | const unsigned char *inBuf, | 94 | const unsigned char *inBuf, |
91 | size_t inBufLen, | 95 | size_t inBufLen, |
92 | char _algo); | 96 | char _algo); |
93 | /** returns the length of the hash. _algo is the PWM_HASH_* | 97 | /** returns the length of the hash. _algo is the PWM_HASH_* |
94 | * id of the hash. returns 0 on error. | 98 | * id of the hash. returns 0 on error. |
95 | */ | 99 | */ |
96 | unsigned int hashLength(char _algo); | 100 | unsigned int hashLength(char _algo); |
97 | 101 | ||
98 | protected: | 102 | protected: |
99 | /** returns the total buffer length */ | 103 | /** returns the total buffer length */ |
100 | size_t getBufLen(size_t inBufLen, size_t boundary) | 104 | size_t getBufLen(size_t inBufLen, size_t boundary) |
101 | { | 105 | { |
102 | return ((boundary - (inBufLen % boundary)) + inBufLen); | 106 | return ((boundary - (inBufLen % boundary)) + inBufLen); |
103 | } | 107 | } |
104 | /** pad the data up to the given boundary. | 108 | /** pad the data up to the given boundary. |
105 | * "buf" has to be big enough! | 109 | * "buf" has to be big enough! |
106 | */ | 110 | */ |
107 | void padData(unsigned char *buf, | 111 | void padData(unsigned char *buf, |
108 | size_t bufLen, | 112 | size_t bufLen, |
109 | size_t boundary); | 113 | size_t boundary); |
110 | /** unpad the data */ | 114 | /** unpad the data */ |
111 | void unpadData(const unsigned char *buf, | 115 | void unpadData(const unsigned char *buf, |
112 | size_t *bufLen); | 116 | size_t *bufLen); |
113 | /** maps the PWM_CRYPT_* ID of an algorithm | 117 | /** maps the PWM_CRYPT_* ID of an algorithm |
114 | * to the libgcrypt GCRY_CIPHER_* ID | 118 | * to the libgcrypt GCRY_CIPHER_* ID |
115 | */ | 119 | */ |
116 | int mapCipherId(char algo); | 120 | int mapCipherId(char algo); |
117 | /** maps the PWM_HASH_* ID of an algorithm | 121 | /** maps the PWM_HASH_* ID of an algorithm |
118 | * to the libgcrypt GCRY_MD_* ID | 122 | * to the libgcrypt GCRY_MD_* ID |
119 | */ | 123 | */ |
120 | int mapHashId(char algo); | 124 | int mapHashId(char algo); |
121 | /** hash a passphrase to a cipher key */ | 125 | /** hash a passphrase to a cipher key */ |
122 | bool hashPassphrase(const unsigned char *pw, | 126 | bool hashPassphrase(const unsigned char *pw, |
123 | size_t pwlen, | 127 | size_t pwlen, |
124 | unsigned char *salt, | 128 | unsigned char *salt, |
125 | unsigned char *key, | 129 | unsigned char *key, |
126 | size_t keylen, | 130 | size_t keylen, |
127 | bool create); | 131 | bool create, |
132 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
133 | ); | ||
128 | /** hash a passphrase to a cipher key */ | 134 | /** hash a passphrase to a cipher key */ |
129 | bool doHashPassphrase(DEK *dek, | 135 | bool doHashPassphrase(DEK *dek, |
130 | const unsigned char *pw, | 136 | const unsigned char *pw, |
131 | size_t pwlen, | 137 | size_t pwlen, |
132 | STRING2KEY *s2k, | 138 | STRING2KEY *s2k, |
133 | bool create); | 139 | bool create); |
134 | }; | 140 | }; |
135 | 141 | ||
136 | 142 | ||
137 | #else // CONFIG_PWMANAGER_GCRY | 143 | #else // CONFIG_PWMANAGER_GCRY |
138 | /** libgcrypt is not installed. This is a NOP wrapper. */ | 144 | /** libgcrypt is not installed. This is a NOP wrapper. */ |
139 | class LibGCryptIf | 145 | class LibGCryptIf |
140 | { | 146 | { |
141 | public: | 147 | public: |
142 | LibGCryptIf() { } | 148 | LibGCryptIf() { } |
143 | static bool available() | 149 | static bool available() |
144 | { return false; } | 150 | { return false; } |
145 | PwMerror encrypt(unsigned char **, | 151 | PwMerror encrypt(unsigned char **, |
146 | size_t *, | 152 | size_t *, |
147 | unsigned char *, | 153 | unsigned char *, |
148 | size_t, | 154 | size_t, |
149 | const unsigned char *, | 155 | const unsigned char *, |
150 | size_t, | 156 | size_t, |
151 | char) | 157 | char) |
152 | { return e_cryptNotImpl; } | 158 | { return e_cryptNotImpl; } |
153 | PwMerror decrypt(unsigned char **, | 159 | PwMerror decrypt(unsigned char **, |
154 | size_t *, | 160 | size_t *, |
155 | const unsigned char *, | 161 | const unsigned char *, |
156 | size_t, | 162 | size_t, |
157 | const unsigned char *, | 163 | const unsigned char *, |
158 | size_t, | 164 | size_t, |
159 | char) | 165 | char) |
160 | { return e_cryptNotImpl; } | 166 | { return e_cryptNotImpl; } |
161 | PwMerror hash(unsigned char **, | 167 | PwMerror hash(unsigned char **, |
162 | size_t *, | 168 | size_t *, |
163 | const unsigned char *, | 169 | const unsigned char *, |
164 | size_t, | 170 | size_t, |
165 | char) | 171 | char) |
166 | { return e_hashNotImpl; } | 172 | { return e_hashNotImpl; } |
167 | unsigned int hashLength(char) | 173 | unsigned int hashLength(char) |
168 | { return 0; } | 174 | { return 0; } |
169 | }; | 175 | }; |
170 | #endif // CONFIG_PWMANAGER_GCRY | 176 | #endif // CONFIG_PWMANAGER_GCRY |
171 | #endif // __LIBGCRYPTIF_H | 177 | #endif // __LIBGCRYPTIF_H |
diff --git a/pwmanager/pwmanager/pwmdoc.cpp b/pwmanager/pwmanager/pwmdoc.cpp index 17cb74a..a740d6d 100644 --- a/pwmanager/pwmanager/pwmdoc.cpp +++ b/pwmanager/pwmanager/pwmdoc.cpp | |||
@@ -394,313 +394,313 @@ PwMerror PwMDoc::saveDoc(char compress, const QString *file) | |||
394 | } else { | 394 | } else { |
395 | return e_noPw; | 395 | return e_noPw; |
396 | } | 396 | } |
397 | if (useChipcard) { | 397 | if (useChipcard) { |
398 | setDocStatFlag(DOC_STAT_USE_CHIPCARD); | 398 | setDocStatFlag(DOC_STAT_USE_CHIPCARD); |
399 | } else { | 399 | } else { |
400 | unsetDocStatFlag(DOC_STAT_USE_CHIPCARD); | 400 | unsetDocStatFlag(DOC_STAT_USE_CHIPCARD); |
401 | } | 401 | } |
402 | } | 402 | } |
403 | 403 | ||
404 | int _cryptAlgo = conf()->confGlobCryptAlgo(); | 404 | int _cryptAlgo = conf()->confGlobCryptAlgo(); |
405 | int _hashAlgo = conf()->confGlobHashAlgo(); | 405 | int _hashAlgo = conf()->confGlobHashAlgo(); |
406 | 406 | ||
407 | // sanity check for the selected algorithms | 407 | // sanity check for the selected algorithms |
408 | if (_cryptAlgo < PWM_CRYPT_BLOWFISH || | 408 | if (_cryptAlgo < PWM_CRYPT_BLOWFISH || |
409 | _cryptAlgo > PWM_CRYPT_TWOFISH128) { | 409 | _cryptAlgo > PWM_CRYPT_TWOFISH128) { |
410 | printWarn("Invalid Crypto-Algorithm selected! " | 410 | printWarn("Invalid Crypto-Algorithm selected! " |
411 | "Config-file seems to be corrupt. " | 411 | "Config-file seems to be corrupt. " |
412 | "Falling back to Blowfish."); | 412 | "Falling back to Blowfish."); |
413 | _cryptAlgo = PWM_CRYPT_BLOWFISH; | 413 | _cryptAlgo = PWM_CRYPT_BLOWFISH; |
414 | } | 414 | } |
415 | if (_hashAlgo < PWM_HASH_SHA1 || | 415 | if (_hashAlgo < PWM_HASH_SHA1 || |
416 | _hashAlgo > PWM_HASH_TIGER) { | 416 | _hashAlgo > PWM_HASH_TIGER) { |
417 | printWarn("Invalid Hash-Algorithm selected! " | 417 | printWarn("Invalid Hash-Algorithm selected! " |
418 | "Config-file seems to be corrupt. " | 418 | "Config-file seems to be corrupt. " |
419 | "Falling back to SHA1."); | 419 | "Falling back to SHA1."); |
420 | _hashAlgo = PWM_HASH_SHA1; | 420 | _hashAlgo = PWM_HASH_SHA1; |
421 | } | 421 | } |
422 | char cryptAlgo = static_cast<char>(_cryptAlgo); | 422 | char cryptAlgo = static_cast<char>(_cryptAlgo); |
423 | char hashAlgo = static_cast<char>(_hashAlgo); | 423 | char hashAlgo = static_cast<char>(_hashAlgo); |
424 | 424 | ||
425 | if (conf()->confGlobMakeFileBackup()) { | 425 | if (conf()->confGlobMakeFileBackup()) { |
426 | if (!backupFile(filename)) | 426 | if (!backupFile(filename)) |
427 | return e_fileBackup; | 427 | return e_fileBackup; |
428 | } | 428 | } |
429 | if (QFile::exists(filename)) { | 429 | if (QFile::exists(filename)) { |
430 | /* Move the existing file to some tmp file. | 430 | /* Move the existing file to some tmp file. |
431 | * When saving file succeeds, delete tmp file. Otherwise | 431 | * When saving file succeeds, delete tmp file. Otherwise |
432 | * move tmp file back. See below. | 432 | * move tmp file back. See below. |
433 | */ | 433 | */ |
434 | Randomizer *rnd = Randomizer::obj(); | 434 | Randomizer *rnd = Randomizer::obj(); |
435 | char rnd_buf[5]; | 435 | char rnd_buf[5]; |
436 | sprintf(rnd_buf, "%X%X%X%X", rnd->genRndChar() & 0xFF, rnd->genRndChar() & 0xFF, | 436 | sprintf(rnd_buf, "%X%X%X%X", rnd->genRndChar() & 0xFF, rnd->genRndChar() & 0xFF, |
437 | rnd->genRndChar() & 0xFF, rnd->genRndChar() & 0xFF); | 437 | rnd->genRndChar() & 0xFF, rnd->genRndChar() & 0xFF); |
438 | tmpFileMoved = filename + "." + rnd_buf + ".mv"; | 438 | tmpFileMoved = filename + "." + rnd_buf + ".mv"; |
439 | if (!copyFile(filename, tmpFileMoved)) | 439 | if (!copyFile(filename, tmpFileMoved)) |
440 | return e_openFile; | 440 | return e_openFile; |
441 | if (!QFile::remove(filename)) { | 441 | if (!QFile::remove(filename)) { |
442 | printWarn(string("removing orig file ") | 442 | printWarn(string("removing orig file ") |
443 | + filename.latin1() | 443 | + filename.latin1() |
444 | + " failed!"); | 444 | + " failed!"); |
445 | } | 445 | } |
446 | } | 446 | } |
447 | f.setName(filename); | 447 | f.setName(filename); |
448 | if (!f.open(IO_ReadWrite)) { | 448 | if (!f.open(IO_ReadWrite)) { |
449 | ret = e_openFile; | 449 | ret = e_openFile; |
450 | goto out_moveback; | 450 | goto out_moveback; |
451 | } | 451 | } |
452 | e = writeFileHeader(hashAlgo, hashAlgo, | 452 | e = writeFileHeader(hashAlgo, hashAlgo, |
453 | cryptAlgo, compress, | 453 | cryptAlgo, compress, |
454 | ¤tPw, &f); | 454 | ¤tPw, &f); |
455 | if (e == e_hashNotImpl) { | 455 | if (e == e_hashNotImpl) { |
456 | printDebug("PwMDoc::saveDoc(): writeFileHeader() failed: e_hashNotImpl"); | 456 | printDebug("PwMDoc::saveDoc(): writeFileHeader() failed: e_hashNotImpl"); |
457 | f.close(); | 457 | f.close(); |
458 | ret = e_hashNotImpl; | 458 | ret = e_hashNotImpl; |
459 | goto out_moveback; | 459 | goto out_moveback; |
460 | } else if (e != e_success) { | 460 | } else if (e != e_success) { |
461 | printDebug("PwMDoc::saveDoc(): writeFileHeader() failed"); | 461 | printDebug("PwMDoc::saveDoc(): writeFileHeader() failed"); |
462 | f.close(); | 462 | f.close(); |
463 | ret = e_writeHeader; | 463 | ret = e_writeHeader; |
464 | goto out_moveback; | 464 | goto out_moveback; |
465 | } | 465 | } |
466 | if (!serializeDta(&serialized)) { | 466 | if (!serializeDta(&serialized)) { |
467 | printDebug("PwMDoc::saveDoc(): serializeDta() failed"); | 467 | printDebug("PwMDoc::saveDoc(): serializeDta() failed"); |
468 | f.close(); | 468 | f.close(); |
469 | ret = e_serializeDta; | 469 | ret = e_serializeDta; |
470 | goto out_moveback; | 470 | goto out_moveback; |
471 | } | 471 | } |
472 | e = writeDataHash(hashAlgo, &serialized, &f); | 472 | e = writeDataHash(hashAlgo, &serialized, &f); |
473 | if (e == e_hashNotImpl) { | 473 | if (e == e_hashNotImpl) { |
474 | printDebug("PwMDoc::saveDoc(): writeDataHash() failed: e_hashNotImpl"); | 474 | printDebug("PwMDoc::saveDoc(): writeDataHash() failed: e_hashNotImpl"); |
475 | f.close(); | 475 | f.close(); |
476 | ret = e_hashNotImpl; | 476 | ret = e_hashNotImpl; |
477 | goto out_moveback; | 477 | goto out_moveback; |
478 | } else if (e != e_success) { | 478 | } else if (e != e_success) { |
479 | printDebug("PwMDoc::saveDoc(): writeDataHash() failed"); | 479 | printDebug("PwMDoc::saveDoc(): writeDataHash() failed"); |
480 | f.close(); | 480 | f.close(); |
481 | ret = e_writeHeader; | 481 | ret = e_writeHeader; |
482 | goto out_moveback; | 482 | goto out_moveback; |
483 | } | 483 | } |
484 | if (!compressDta(&serialized, compress)) { | 484 | if (!compressDta(&serialized, compress)) { |
485 | printDebug("PwMDoc::saveDoc(): compressDta() failed"); | 485 | printDebug("PwMDoc::saveDoc(): compressDta() failed"); |
486 | f.close(); | 486 | f.close(); |
487 | ret = e_enc; | 487 | ret = e_enc; |
488 | goto out_moveback; | 488 | goto out_moveback; |
489 | } | 489 | } |
490 | e = encrypt(&serialized, ¤tPw, &f, cryptAlgo); | 490 | e = encrypt(&serialized, ¤tPw, &f, cryptAlgo, hashAlgo); |
491 | if (e == e_weakPw) { | 491 | if (e == e_weakPw) { |
492 | printDebug("PwMDoc::saveDoc(): encrypt() failed: e_weakPw"); | 492 | printDebug("PwMDoc::saveDoc(): encrypt() failed: e_weakPw"); |
493 | f.close(); | 493 | f.close(); |
494 | ret = e_weakPw; | 494 | ret = e_weakPw; |
495 | goto out_moveback; | 495 | goto out_moveback; |
496 | } else if (e == e_cryptNotImpl) { | 496 | } else if (e == e_cryptNotImpl) { |
497 | printDebug("PwMDoc::saveDoc(): encrypt() failed: e_cryptNotImpl"); | 497 | printDebug("PwMDoc::saveDoc(): encrypt() failed: e_cryptNotImpl"); |
498 | f.close(); | 498 | f.close(); |
499 | ret = e_cryptNotImpl; | 499 | ret = e_cryptNotImpl; |
500 | goto out_moveback; | 500 | goto out_moveback; |
501 | } else if (e != e_success) { | 501 | } else if (e != e_success) { |
502 | printDebug("PwMDoc::saveDoc(): encrypt() failed"); | 502 | printDebug("PwMDoc::saveDoc(): encrypt() failed"); |
503 | f.close(); | 503 | f.close(); |
504 | ret = e_enc; | 504 | ret = e_enc; |
505 | goto out_moveback; | 505 | goto out_moveback; |
506 | } | 506 | } |
507 | unsetDocStatFlag(DOC_STAT_DISK_DIRTY); | 507 | unsetDocStatFlag(DOC_STAT_DISK_DIRTY); |
508 | f.close(); | 508 | f.close(); |
509 | #ifndef _WIN32_ | 509 | #ifndef _WIN32_ |
510 | if (chmod(filename.latin1(), | 510 | if (chmod(filename.latin1(), |
511 | conf()->confGlobFilePermissions())) { | 511 | conf()->confGlobFilePermissions())) { |
512 | printWarn(string("chmod failed: ") + strerror(errno)); | 512 | printWarn(string("chmod failed: ") + strerror(errno)); |
513 | } | 513 | } |
514 | #endif | 514 | #endif |
515 | openDocList.edit(this, getTitle().latin1()); | 515 | openDocList.edit(this, getTitle().latin1()); |
516 | if (wasDeepLocked) { | 516 | if (wasDeepLocked) { |
517 | /* Do _not_ save the data with the deepLock() | 517 | /* Do _not_ save the data with the deepLock() |
518 | * call, because this will recurse | 518 | * call, because this will recurse |
519 | * into saveDoc() | 519 | * into saveDoc() |
520 | */ | 520 | */ |
521 | deepLock(true, false); | 521 | deepLock(true, false); |
522 | /* We don't check return value here, because | 522 | /* We don't check return value here, because |
523 | * it won't fail. See NOTE in deepLock() | 523 | * it won't fail. See NOTE in deepLock() |
524 | */ | 524 | */ |
525 | } | 525 | } |
526 | if (tmpFileMoved != QString::null) { | 526 | if (tmpFileMoved != QString::null) { |
527 | // now remove the moved file. | 527 | // now remove the moved file. |
528 | if (!QFile::remove(tmpFileMoved)) { | 528 | if (!QFile::remove(tmpFileMoved)) { |
529 | printWarn(string("removing file ") | 529 | printWarn(string("removing file ") |
530 | + tmpFileMoved.latin1() | 530 | + tmpFileMoved.latin1() |
531 | + " failed!"); | 531 | + " failed!"); |
532 | } | 532 | } |
533 | } | 533 | } |
534 | ret = e_success; | 534 | ret = e_success; |
535 | printDebug(string("writing file { name: ") | 535 | printDebug(string("writing file { name: ") |
536 | + filename.latin1() + " compress: " | 536 | + filename.latin1() + " compress: " |
537 | + tostr(static_cast<int>(compress)) + " cryptAlgo: " | 537 | + tostr(static_cast<int>(compress)) + " cryptAlgo: " |
538 | + tostr(static_cast<int>(cryptAlgo)) + " hashAlgo: " | 538 | + tostr(static_cast<int>(cryptAlgo)) + " hashAlgo: " |
539 | + tostr(static_cast<int>(hashAlgo)) | 539 | + tostr(static_cast<int>(hashAlgo)) |
540 | + " }"); | 540 | + " }"); |
541 | goto out; | 541 | goto out; |
542 | out_moveback: | 542 | out_moveback: |
543 | if (tmpFileMoved != QString::null) { | 543 | if (tmpFileMoved != QString::null) { |
544 | if (copyFile(tmpFileMoved, filename)) { | 544 | if (copyFile(tmpFileMoved, filename)) { |
545 | if (!QFile::remove(tmpFileMoved)) { | 545 | if (!QFile::remove(tmpFileMoved)) { |
546 | printWarn(string("removing tmp file ") | 546 | printWarn(string("removing tmp file ") |
547 | + filename.latin1() | 547 | + filename.latin1() |
548 | + " failed!"); | 548 | + " failed!"); |
549 | } | 549 | } |
550 | } else { | 550 | } else { |
551 | printWarn(string("couldn't copy file ") | 551 | printWarn(string("couldn't copy file ") |
552 | + tmpFileMoved.latin1() | 552 | + tmpFileMoved.latin1() |
553 | + " back to " | 553 | + " back to " |
554 | + filename.latin1()); | 554 | + filename.latin1()); |
555 | } | 555 | } |
556 | } | 556 | } |
557 | out: | 557 | out: |
558 | return ret; | 558 | return ret; |
559 | } | 559 | } |
560 | 560 | ||
561 | PwMerror PwMDoc::openDoc(const QString *file, int openLocked) | 561 | PwMerror PwMDoc::openDoc(const QString *file, int openLocked) |
562 | { | 562 | { |
563 | PWM_ASSERT(file); | 563 | PWM_ASSERT(file); |
564 | PWM_ASSERT(openLocked == 0 || openLocked == 1 || openLocked == 2); | 564 | PWM_ASSERT(openLocked == 0 || openLocked == 1 || openLocked == 2); |
565 | string decrypted, dataHash; | 565 | string decrypted, dataHash; |
566 | PwMerror ret; | 566 | PwMerror ret; |
567 | char cryptAlgo, dataHashType, compress; | 567 | char cryptAlgo, dataHashType, compress; |
568 | unsigned int headerLen; | 568 | unsigned int headerLen; |
569 | 569 | ||
570 | if (*file == "") | 570 | if (*file == "") |
571 | return e_readFile; | 571 | return e_readFile; |
572 | filename = *file; | 572 | filename = *file; |
573 | /* check if this file is already open. | 573 | /* check if this file is already open. |
574 | * This does not catch symlinks! | 574 | * This does not catch symlinks! |
575 | */ | 575 | */ |
576 | if (!isDeepLocked()) { | 576 | if (!isDeepLocked()) { |
577 | if (getOpenDocList()->find(filename.latin1())) | 577 | if (getOpenDocList()->find(filename.latin1())) |
578 | return e_alreadyOpen; | 578 | return e_alreadyOpen; |
579 | } | 579 | } |
580 | QFile f(filename); | 580 | QFile f(filename); |
581 | 581 | ||
582 | if (openLocked == 2) { | 582 | if (openLocked == 2) { |
583 | // open deep-locked | 583 | // open deep-locked |
584 | if (!QFile::exists(filename)) | 584 | if (!QFile::exists(filename)) |
585 | return e_openFile; | 585 | return e_openFile; |
586 | if (deepLock(true, false) != e_success) | 586 | if (deepLock(true, false) != e_success) |
587 | return e_openFile; | 587 | return e_openFile; |
588 | goto out_success; | 588 | goto out_success; |
589 | } | 589 | } |
590 | 590 | ||
591 | if (!f.open(IO_ReadOnly)) | 591 | if (!f.open(IO_ReadOnly)) |
592 | return e_openFile; | 592 | return e_openFile; |
593 | 593 | ||
594 | ret = checkHeader(&cryptAlgo, ¤tPw, &compress, &headerLen, | 594 | ret = checkHeader(&cryptAlgo, ¤tPw, &compress, &headerLen, |
595 | &dataHashType, &dataHash, &f); | 595 | &dataHashType, &dataHash, &f); |
596 | if (ret != e_success) { | 596 | if (ret != e_success) { |
597 | printDebug("PwMDoc::openDoc(): checkHeader() failed"); | 597 | printDebug("PwMDoc::openDoc(): checkHeader() failed"); |
598 | f.close(); | 598 | f.close(); |
599 | if (ret == e_wrongPw) { | 599 | if (ret == e_wrongPw) { |
600 | wrongMpwMsgBox(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); | 600 | wrongMpwMsgBox(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); |
601 | return ret; | 601 | return ret; |
602 | } else if (ret == e_noPw || | 602 | } else if (ret == e_noPw || |
603 | ret == e_fileVer || | 603 | ret == e_fileVer || |
604 | ret == e_fileFormat || | 604 | ret == e_fileFormat || |
605 | ret == e_hashNotImpl) { | 605 | ret == e_hashNotImpl) { |
606 | return ret; | 606 | return ret; |
607 | } else | 607 | } else |
608 | return e_readFile; | 608 | return e_readFile; |
609 | } | 609 | } |
610 | ret = decrypt(&decrypted, headerLen, ¤tPw, cryptAlgo, &f); | 610 | ret = decrypt(&decrypted, headerLen, ¤tPw, cryptAlgo, dataHashType, &f); |
611 | if (ret == e_cryptNotImpl) { | 611 | if (ret == e_cryptNotImpl) { |
612 | printDebug("PwMDoc::openDoc(): decrypt() failed: e_cryptNotImpl"); | 612 | printDebug("PwMDoc::openDoc(): decrypt() failed: e_cryptNotImpl"); |
613 | f.close(); | 613 | f.close(); |
614 | return e_cryptNotImpl; | 614 | return e_cryptNotImpl; |
615 | } else if (ret != e_success) { | 615 | } else if (ret != e_success) { |
616 | printDebug("PwMDoc::openDoc(): decrypt() failed"); | 616 | printDebug("PwMDoc::openDoc(): decrypt() failed"); |
617 | f.close(); | 617 | f.close(); |
618 | return e_readFile; | 618 | return e_readFile; |
619 | } | 619 | } |
620 | if (!decompressDta(&decrypted, compress)) { | 620 | if (!decompressDta(&decrypted, compress)) { |
621 | printDebug("PwMDoc::openDoc(): decompressDta() failed"); | 621 | printDebug("PwMDoc::openDoc(): decompressDta() failed"); |
622 | f.close(); | 622 | f.close(); |
623 | return e_fileCorrupt; | 623 | return e_fileCorrupt; |
624 | } | 624 | } |
625 | ret = checkDataHash(dataHashType, &dataHash, &decrypted); | 625 | ret = checkDataHash(dataHashType, &dataHash, &decrypted); |
626 | if (ret == e_hashNotImpl) { | 626 | if (ret == e_hashNotImpl) { |
627 | printDebug("PwMDoc::openDoc(): checkDataHash() failed: e_hashNotImpl"); | 627 | printDebug("PwMDoc::openDoc(): checkDataHash() failed: e_hashNotImpl"); |
628 | f.close(); | 628 | f.close(); |
629 | return e_hashNotImpl; | 629 | return e_hashNotImpl; |
630 | } else if (ret != e_success) { | 630 | } else if (ret != e_success) { |
631 | printDebug("PwMDoc::openDoc(): checkDataHash() failed"); | 631 | printDebug("PwMDoc::openDoc(): checkDataHash() failed"); |
632 | f.close(); | 632 | f.close(); |
633 | return e_fileCorrupt; | 633 | return e_fileCorrupt; |
634 | } | 634 | } |
635 | if (!deSerializeDta(&decrypted, openLocked == 1)) { | 635 | if (!deSerializeDta(&decrypted, openLocked == 1)) { |
636 | printDebug("PwMDoc::openDoc(): deSerializeDta() failed"); | 636 | printDebug("PwMDoc::openDoc(): deSerializeDta() failed"); |
637 | f.close(); | 637 | f.close(); |
638 | return e_readFile; | 638 | return e_readFile; |
639 | } | 639 | } |
640 | f.close(); | 640 | f.close(); |
641 | timer()->start(DocTimer::id_mpwTimer); | 641 | timer()->start(DocTimer::id_mpwTimer); |
642 | timer()->start(DocTimer::id_autoLockTimer); | 642 | timer()->start(DocTimer::id_autoLockTimer); |
643 | out_success: | 643 | out_success: |
644 | openDocList.edit(this, getTitle().latin1()); | 644 | openDocList.edit(this, getTitle().latin1()); |
645 | emit docOpened(this); | 645 | emit docOpened(this); |
646 | return e_success; | 646 | return e_success; |
647 | } | 647 | } |
648 | 648 | ||
649 | PwMerror PwMDoc::writeFileHeader(char keyHash, char dataHash, char crypt, char compress, | 649 | PwMerror PwMDoc::writeFileHeader(char keyHash, char dataHash, char crypt, char compress, |
650 | QString *pw, QFile *f) | 650 | QString *pw, QFile *f) |
651 | { | 651 | { |
652 | PWM_ASSERT(pw); | 652 | PWM_ASSERT(pw); |
653 | PWM_ASSERT(f); | 653 | PWM_ASSERT(f); |
654 | //US ENH: or maybe a bug: checking here for listView does not make sense because we do not check anywhere else | 654 | //US ENH: or maybe a bug: checking here for listView does not make sense because we do not check anywhere else |
655 | //Wenn I sync, I open a doc without a view => listView is 0 => Assertion | 655 | //Wenn I sync, I open a doc without a view => listView is 0 => Assertion |
656 | //USPWM_ASSERT(listView); | 656 | //USPWM_ASSERT(listView); |
657 | if (f->writeBlock(FILE_ID_HEADER, strlen(FILE_ID_HEADER)) != | 657 | if (f->writeBlock(FILE_ID_HEADER, strlen(FILE_ID_HEADER)) != |
658 | static_cast<Q_LONG>(strlen(FILE_ID_HEADER))) { | 658 | static_cast<Q_LONG>(strlen(FILE_ID_HEADER))) { |
659 | return e_writeFile; | 659 | return e_writeFile; |
660 | } | 660 | } |
661 | if (f->putch(PWM_FILE_VER) == -1 || | 661 | if (f->putch(PWM_FILE_VER) == -1 || |
662 | f->putch(keyHash) == -1 || | 662 | f->putch(keyHash) == -1 || |
663 | f->putch(dataHash) == -1 || | 663 | f->putch(dataHash) == -1 || |
664 | f->putch(crypt) == -1 || | 664 | f->putch(crypt) == -1 || |
665 | f->putch(compress) == -1 || | 665 | f->putch(compress) == -1 || |
666 | f->putch((getDocStatFlag(DOC_STAT_USE_CHIPCARD)) ? | 666 | f->putch((getDocStatFlag(DOC_STAT_USE_CHIPCARD)) ? |
667 | (static_cast<char>(0x01)) : (static_cast<char>(0x00))) == -1) { | 667 | (static_cast<char>(0x01)) : (static_cast<char>(0x00))) == -1) { |
668 | return e_writeFile; | 668 | return e_writeFile; |
669 | } | 669 | } |
670 | 670 | ||
671 | // write bytes of NUL-data. These bytes are reserved for future-use. | 671 | // write bytes of NUL-data. These bytes are reserved for future-use. |
672 | const int bufSize = 64; | 672 | const int bufSize = 64; |
673 | char tmp_buf[bufSize]; | 673 | char tmp_buf[bufSize]; |
674 | memset(tmp_buf, 0x00, bufSize); | 674 | memset(tmp_buf, 0x00, bufSize); |
675 | if (f->writeBlock(tmp_buf, bufSize) != bufSize) | 675 | if (f->writeBlock(tmp_buf, bufSize) != bufSize) |
676 | return e_writeFile; | 676 | return e_writeFile; |
677 | 677 | ||
678 | switch (keyHash) { | 678 | switch (keyHash) { |
679 | case PWM_HASH_SHA1: { | 679 | case PWM_HASH_SHA1: { |
680 | const int hashlen = SHA1_HASH_LEN_BYTE; | 680 | const int hashlen = SHA1_HASH_LEN_BYTE; |
681 | Sha1 hash; | 681 | Sha1 hash; |
682 | hash.sha1_write(reinterpret_cast<const byte *>(pw->latin1()), pw->length()); | 682 | hash.sha1_write(reinterpret_cast<const byte *>(pw->latin1()), pw->length()); |
683 | string ret = hash.sha1_read(); | 683 | string ret = hash.sha1_read(); |
684 | if (f->writeBlock(ret.c_str(), hashlen) != hashlen) | 684 | if (f->writeBlock(ret.c_str(), hashlen) != hashlen) |
685 | return e_writeFile; | 685 | return e_writeFile; |
686 | break; | 686 | break; |
687 | } | 687 | } |
688 | case PWM_HASH_SHA256: | 688 | case PWM_HASH_SHA256: |
689 | /*... fall through */ | 689 | /*... fall through */ |
690 | case PWM_HASH_SHA384: | 690 | case PWM_HASH_SHA384: |
691 | case PWM_HASH_SHA512: | 691 | case PWM_HASH_SHA512: |
692 | case PWM_HASH_MD5: | 692 | case PWM_HASH_MD5: |
693 | case PWM_HASH_RMD160: | 693 | case PWM_HASH_RMD160: |
694 | case PWM_HASH_TIGER: | 694 | case PWM_HASH_TIGER: |
695 | { | 695 | { |
696 | if (!LibGCryptIf::available()) | 696 | if (!LibGCryptIf::available()) |
697 | return e_hashNotImpl; | 697 | return e_hashNotImpl; |
698 | LibGCryptIf gc; | 698 | LibGCryptIf gc; |
699 | PwMerror err; | 699 | PwMerror err; |
700 | unsigned char *buf; | 700 | unsigned char *buf; |
701 | size_t hashLen; | 701 | size_t hashLen; |
702 | err = gc.hash(&buf, | 702 | err = gc.hash(&buf, |
703 | &hashLen, | 703 | &hashLen, |
704 | reinterpret_cast<const unsigned char *>(pw->latin1()), | 704 | reinterpret_cast<const unsigned char *>(pw->latin1()), |
705 | pw->length(), | 705 | pw->length(), |
706 | keyHash); | 706 | keyHash); |
@@ -1214,309 +1214,317 @@ bool PwMDoc::getEntry(const QString &category, unsigned int index, | |||
1214 | return getEntry(cat, index, d, unlockIfLocked); | 1214 | return getEntry(cat, index, d, unlockIfLocked); |
1215 | } | 1215 | } |
1216 | 1216 | ||
1217 | bool PwMDoc::getEntry(unsigned int category, unsigned int index, | 1217 | bool PwMDoc::getEntry(unsigned int category, unsigned int index, |
1218 | PwMDataItem *d, bool unlockIfLocked) | 1218 | PwMDataItem *d, bool unlockIfLocked) |
1219 | { | 1219 | { |
1220 | if (index > dti.dta[category].d.size() - 1) | 1220 | if (index > dti.dta[category].d.size() - 1) |
1221 | return false; | 1221 | return false; |
1222 | 1222 | ||
1223 | bool locked = isLocked(category, index); | 1223 | bool locked = isLocked(category, index); |
1224 | if (locked) { | 1224 | if (locked) { |
1225 | /* this entry is locked. We don't return a password, | 1225 | /* this entry is locked. We don't return a password, |
1226 | * until it's unlocked by the user by inserting | 1226 | * until it's unlocked by the user by inserting |
1227 | * chipcard or entering the mpw | 1227 | * chipcard or entering the mpw |
1228 | */ | 1228 | */ |
1229 | if (unlockIfLocked) { | 1229 | if (unlockIfLocked) { |
1230 | if (!lockAt(category, index, false)) { | 1230 | if (!lockAt(category, index, false)) { |
1231 | return false; | 1231 | return false; |
1232 | } | 1232 | } |
1233 | locked = false; | 1233 | locked = false; |
1234 | } | 1234 | } |
1235 | } | 1235 | } |
1236 | 1236 | ||
1237 | *d = dti.dta[category].d[index]; | 1237 | *d = dti.dta[category].d[index]; |
1238 | if (locked) | 1238 | if (locked) |
1239 | d->pw = LOCKED_STRING.latin1(); | 1239 | d->pw = LOCKED_STRING.latin1(); |
1240 | 1240 | ||
1241 | return true; | 1241 | return true; |
1242 | } | 1242 | } |
1243 | 1243 | ||
1244 | PwMerror PwMDoc::getCommentByLvp(const QString &category, int listViewPos, | 1244 | PwMerror PwMDoc::getCommentByLvp(const QString &category, int listViewPos, |
1245 | string *foundComment) | 1245 | string *foundComment) |
1246 | { | 1246 | { |
1247 | PWM_ASSERT(foundComment); | 1247 | PWM_ASSERT(foundComment); |
1248 | unsigned int cat = 0; | 1248 | unsigned int cat = 0; |
1249 | 1249 | ||
1250 | if (!findCategory(category, &cat)) | 1250 | if (!findCategory(category, &cat)) |
1251 | return e_invalidArg; | 1251 | return e_invalidArg; |
1252 | 1252 | ||
1253 | unsigned int i, entries = numEntries(cat); | 1253 | unsigned int i, entries = numEntries(cat); |
1254 | for (i = 0; i < entries; ++i) { | 1254 | for (i = 0; i < entries; ++i) { |
1255 | if (dti.dta[cat].d[i].listViewPos == listViewPos) { | 1255 | if (dti.dta[cat].d[i].listViewPos == listViewPos) { |
1256 | *foundComment = dti.dta[cat].d[i].comment; | 1256 | *foundComment = dti.dta[cat].d[i].comment; |
1257 | if (dti.dta[cat].d[i].binary) | 1257 | if (dti.dta[cat].d[i].binary) |
1258 | return e_binEntry; | 1258 | return e_binEntry; |
1259 | return e_normalEntry; | 1259 | return e_normalEntry; |
1260 | } | 1260 | } |
1261 | } | 1261 | } |
1262 | BUG(); | 1262 | BUG(); |
1263 | return e_generic; | 1263 | return e_generic; |
1264 | } | 1264 | } |
1265 | 1265 | ||
1266 | bool PwMDoc::compressDta(string *d, char algo) | 1266 | bool PwMDoc::compressDta(string *d, char algo) |
1267 | { | 1267 | { |
1268 | PWM_ASSERT(d); | 1268 | PWM_ASSERT(d); |
1269 | switch (algo) { | 1269 | switch (algo) { |
1270 | case PWM_COMPRESS_GZIP: { | 1270 | case PWM_COMPRESS_GZIP: { |
1271 | CompressGzip comp; | 1271 | CompressGzip comp; |
1272 | return comp.compress(d); | 1272 | return comp.compress(d); |
1273 | } | 1273 | } |
1274 | #ifndef PWM_EMBEDDED | 1274 | #ifndef PWM_EMBEDDED |
1275 | case PWM_COMPRESS_BZIP2: { | 1275 | case PWM_COMPRESS_BZIP2: { |
1276 | CompressBzip2 comp; | 1276 | CompressBzip2 comp; |
1277 | return comp.compress(d); | 1277 | return comp.compress(d); |
1278 | } | 1278 | } |
1279 | #endif | 1279 | #endif |
1280 | case PWM_COMPRESS_NONE: { | 1280 | case PWM_COMPRESS_NONE: { |
1281 | return true; | 1281 | return true; |
1282 | } default: { | 1282 | } default: { |
1283 | BUG(); | 1283 | BUG(); |
1284 | } | 1284 | } |
1285 | } | 1285 | } |
1286 | return false; | 1286 | return false; |
1287 | } | 1287 | } |
1288 | 1288 | ||
1289 | bool PwMDoc::decompressDta(string *d, char algo) | 1289 | bool PwMDoc::decompressDta(string *d, char algo) |
1290 | { | 1290 | { |
1291 | PWM_ASSERT(d); | 1291 | PWM_ASSERT(d); |
1292 | switch (algo) { | 1292 | switch (algo) { |
1293 | case PWM_COMPRESS_GZIP: { | 1293 | case PWM_COMPRESS_GZIP: { |
1294 | CompressGzip comp; | 1294 | CompressGzip comp; |
1295 | return comp.decompress(d); | 1295 | return comp.decompress(d); |
1296 | } | 1296 | } |
1297 | #ifndef PWM_EMBEDDED | 1297 | #ifndef PWM_EMBEDDED |
1298 | case PWM_COMPRESS_BZIP2: { | 1298 | case PWM_COMPRESS_BZIP2: { |
1299 | CompressBzip2 comp; | 1299 | CompressBzip2 comp; |
1300 | return comp.decompress(d); | 1300 | return comp.decompress(d); |
1301 | } | 1301 | } |
1302 | #endif | 1302 | #endif |
1303 | case PWM_COMPRESS_NONE: { | 1303 | case PWM_COMPRESS_NONE: { |
1304 | return true; | 1304 | return true; |
1305 | } | 1305 | } |
1306 | } | 1306 | } |
1307 | return false; | 1307 | return false; |
1308 | } | 1308 | } |
1309 | 1309 | ||
1310 | PwMerror PwMDoc::encrypt(string *d, const QString *pw, QFile *f, char algo) | 1310 | PwMerror PwMDoc::encrypt(string *d, const QString *pw, QFile *f, char algo, |
1311 | char hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
1312 | ) | ||
1311 | { | 1313 | { |
1312 | PWM_ASSERT(d); | 1314 | PWM_ASSERT(d); |
1313 | PWM_ASSERT(pw); | 1315 | PWM_ASSERT(pw); |
1314 | PWM_ASSERT(f); | 1316 | PWM_ASSERT(f); |
1315 | 1317 | ||
1316 | size_t encSize; | 1318 | size_t encSize; |
1317 | byte *encrypted = 0; | 1319 | byte *encrypted = 0; |
1318 | 1320 | ||
1319 | switch (algo) { | 1321 | switch (algo) { |
1320 | case PWM_CRYPT_BLOWFISH: { | 1322 | case PWM_CRYPT_BLOWFISH: { |
1321 | Blowfish::padNull(d); | 1323 | Blowfish::padNull(d); |
1322 | encSize = d->length(); | 1324 | encSize = d->length(); |
1323 | encrypted = new byte[encSize]; | 1325 | encrypted = new byte[encSize]; |
1324 | Blowfish bf; | 1326 | Blowfish bf; |
1325 | if (bf.bf_setkey((byte *) pw->latin1(), pw->length())) { | 1327 | if (bf.bf_setkey((byte *) pw->latin1(), pw->length())) { |
1326 | delete [] encrypted; | 1328 | delete [] encrypted; |
1327 | return e_weakPw; | 1329 | return e_weakPw; |
1328 | } | 1330 | } |
1329 | bf.bf_encrypt((byte *) encrypted, (byte *) d->c_str(), encSize); | 1331 | bf.bf_encrypt((byte *) encrypted, (byte *) d->c_str(), encSize); |
1330 | break; | 1332 | break; |
1331 | } | 1333 | } |
1332 | case PWM_CRYPT_AES128: | 1334 | case PWM_CRYPT_AES128: |
1333 | /*... fall through */ | 1335 | /*... fall through */ |
1334 | case PWM_CRYPT_AES192: | 1336 | case PWM_CRYPT_AES192: |
1335 | case PWM_CRYPT_AES256: | 1337 | case PWM_CRYPT_AES256: |
1336 | case PWM_CRYPT_3DES: | 1338 | case PWM_CRYPT_3DES: |
1337 | case PWM_CRYPT_TWOFISH: | 1339 | case PWM_CRYPT_TWOFISH: |
1338 | case PWM_CRYPT_TWOFISH128: { | 1340 | case PWM_CRYPT_TWOFISH128: { |
1339 | if (!LibGCryptIf::available()) | 1341 | if (!LibGCryptIf::available()) |
1340 | return e_cryptNotImpl; | 1342 | return e_cryptNotImpl; |
1341 | LibGCryptIf gc; | 1343 | LibGCryptIf gc; |
1342 | PwMerror err; | 1344 | PwMerror err; |
1343 | unsigned char *plain = new unsigned char[d->length() + 1024]; | 1345 | unsigned char *plain = new unsigned char[d->length() + 1024]; |
1344 | memcpy(plain, d->c_str(), d->length()); | 1346 | memcpy(plain, d->c_str(), d->length()); |
1345 | err = gc.encrypt(&encrypted, | 1347 | err = gc.encrypt(&encrypted, |
1346 | &encSize, | 1348 | &encSize, |
1347 | plain, | 1349 | plain, |
1348 | d->length(), | 1350 | d->length(), |
1349 | reinterpret_cast<const unsigned char *>(pw->latin1()), | 1351 | reinterpret_cast<const unsigned char *>(pw->latin1()), |
1350 | pw->length(), | 1352 | pw->length(), |
1351 | algo); | 1353 | algo, |
1354 | hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
1355 | ); | ||
1352 | delete [] plain; | 1356 | delete [] plain; |
1353 | if (err != e_success) | 1357 | if (err != e_success) |
1354 | return e_cryptNotImpl; | 1358 | return e_cryptNotImpl; |
1355 | break; | 1359 | break; |
1356 | } | 1360 | } |
1357 | default: { | 1361 | default: { |
1358 | delete_ifnot_null_array(encrypted); | 1362 | delete_ifnot_null_array(encrypted); |
1359 | return e_cryptNotImpl; | 1363 | return e_cryptNotImpl; |
1360 | } } | 1364 | } } |
1361 | 1365 | ||
1362 | // write encrypted data to file | 1366 | // write encrypted data to file |
1363 | if (f->writeBlock(reinterpret_cast<const char *>(encrypted), | 1367 | if (f->writeBlock(reinterpret_cast<const char *>(encrypted), |
1364 | static_cast<Q_ULONG>(encSize)) | 1368 | static_cast<Q_ULONG>(encSize)) |
1365 | != static_cast<Q_LONG>(encSize)) { | 1369 | != static_cast<Q_LONG>(encSize)) { |
1366 | delete_ifnot_null_array(encrypted); | 1370 | delete_ifnot_null_array(encrypted); |
1367 | return e_writeFile; | 1371 | return e_writeFile; |
1368 | } | 1372 | } |
1369 | delete_ifnot_null_array(encrypted); | 1373 | delete_ifnot_null_array(encrypted); |
1370 | return e_success; | 1374 | return e_success; |
1371 | } | 1375 | } |
1372 | 1376 | ||
1373 | PwMerror PwMDoc::decrypt(string *d, unsigned int pos, const QString *pw, | 1377 | PwMerror PwMDoc::decrypt(string *d, unsigned int pos, const QString *pw, |
1374 | char algo, QFile *f) | 1378 | char algo, |
1379 | char hashalgo, //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
1380 | QFile *f) | ||
1375 | { | 1381 | { |
1376 | PWM_ASSERT(d); | 1382 | PWM_ASSERT(d); |
1377 | PWM_ASSERT(pw); | 1383 | PWM_ASSERT(pw); |
1378 | PWM_ASSERT(f); | 1384 | PWM_ASSERT(f); |
1379 | 1385 | ||
1380 | unsigned int cryptLen = f->size() - pos; | 1386 | unsigned int cryptLen = f->size() - pos; |
1381 | byte *encrypted = new byte[cryptLen]; | 1387 | byte *encrypted = new byte[cryptLen]; |
1382 | byte *decrypted = new byte[cryptLen]; | 1388 | byte *decrypted = new byte[cryptLen]; |
1383 | 1389 | ||
1384 | f->at(pos); | 1390 | f->at(pos); |
1385 | #ifndef PWM_EMBEDDED | 1391 | #ifndef PWM_EMBEDDED |
1386 | if (f->readBlock(reinterpret_cast<char *>(encrypted), | 1392 | if (f->readBlock(reinterpret_cast<char *>(encrypted), |
1387 | static_cast<Q_ULONG>(cryptLen)) | 1393 | static_cast<Q_ULONG>(cryptLen)) |
1388 | != static_cast<Q_LONG>(cryptLen)) { | 1394 | != static_cast<Q_LONG>(cryptLen)) { |
1389 | delete [] encrypted; | 1395 | delete [] encrypted; |
1390 | delete [] decrypted; | 1396 | delete [] decrypted; |
1391 | return e_readFile; | 1397 | return e_readFile; |
1392 | } | 1398 | } |
1393 | #else | 1399 | #else |
1394 | if (f->readBlock((char *)(encrypted), | 1400 | if (f->readBlock((char *)(encrypted), |
1395 | (unsigned long)(cryptLen)) | 1401 | (unsigned long)(cryptLen)) |
1396 | != (long)(cryptLen)) { | 1402 | != (long)(cryptLen)) { |
1397 | delete [] encrypted; | 1403 | delete [] encrypted; |
1398 | delete [] decrypted; | 1404 | delete [] decrypted; |
1399 | return e_readFile; | 1405 | return e_readFile; |
1400 | } | 1406 | } |
1401 | #endif | 1407 | #endif |
1402 | switch (algo) { | 1408 | switch (algo) { |
1403 | case PWM_CRYPT_BLOWFISH: { | 1409 | case PWM_CRYPT_BLOWFISH: { |
1404 | Blowfish bf; | 1410 | Blowfish bf; |
1405 | bf.bf_setkey((byte *) pw->latin1(), pw->length()); | 1411 | bf.bf_setkey((byte *) pw->latin1(), pw->length()); |
1406 | bf.bf_decrypt(decrypted, encrypted, cryptLen); | 1412 | bf.bf_decrypt(decrypted, encrypted, cryptLen); |
1407 | break; | 1413 | break; |
1408 | } | 1414 | } |
1409 | case PWM_CRYPT_AES128: | 1415 | case PWM_CRYPT_AES128: |
1410 | /*... fall through */ | 1416 | /*... fall through */ |
1411 | case PWM_CRYPT_AES192: | 1417 | case PWM_CRYPT_AES192: |
1412 | case PWM_CRYPT_AES256: | 1418 | case PWM_CRYPT_AES256: |
1413 | case PWM_CRYPT_3DES: | 1419 | case PWM_CRYPT_3DES: |
1414 | case PWM_CRYPT_TWOFISH: | 1420 | case PWM_CRYPT_TWOFISH: |
1415 | case PWM_CRYPT_TWOFISH128: { | 1421 | case PWM_CRYPT_TWOFISH128: { |
1416 | if (!LibGCryptIf::available()) | 1422 | if (!LibGCryptIf::available()) |
1417 | return e_cryptNotImpl; | 1423 | return e_cryptNotImpl; |
1418 | LibGCryptIf gc; | 1424 | LibGCryptIf gc; |
1419 | PwMerror err; | 1425 | PwMerror err; |
1420 | err = gc.decrypt(&decrypted, | 1426 | err = gc.decrypt(&decrypted, |
1421 | &cryptLen, | 1427 | &cryptLen, |
1422 | encrypted, | 1428 | encrypted, |
1423 | cryptLen, | 1429 | cryptLen, |
1424 | reinterpret_cast<const unsigned char *>(pw->latin1()), | 1430 | reinterpret_cast<const unsigned char *>(pw->latin1()), |
1425 | pw->length(), | 1431 | pw->length(), |
1426 | algo); | 1432 | algo, |
1433 | hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
1434 | ); | ||
1427 | if (err != e_success) { | 1435 | if (err != e_success) { |
1428 | delete [] encrypted; | 1436 | delete [] encrypted; |
1429 | delete [] decrypted; | 1437 | delete [] decrypted; |
1430 | return e_cryptNotImpl; | 1438 | return e_cryptNotImpl; |
1431 | } | 1439 | } |
1432 | break; | 1440 | break; |
1433 | } | 1441 | } |
1434 | default: { | 1442 | default: { |
1435 | delete [] encrypted; | 1443 | delete [] encrypted; |
1436 | delete [] decrypted; | 1444 | delete [] decrypted; |
1437 | return e_cryptNotImpl; | 1445 | return e_cryptNotImpl; |
1438 | } } | 1446 | } } |
1439 | delete [] encrypted; | 1447 | delete [] encrypted; |
1440 | #ifndef PWM_EMBEDDED | 1448 | #ifndef PWM_EMBEDDED |
1441 | d->assign(reinterpret_cast<const char *>(decrypted), | 1449 | d->assign(reinterpret_cast<const char *>(decrypted), |
1442 | static_cast<string::size_type>(cryptLen)); | 1450 | static_cast<string::size_type>(cryptLen)); |
1443 | #else | 1451 | #else |
1444 | d->assign((const char *)(decrypted), | 1452 | d->assign((const char *)(decrypted), |
1445 | (string::size_type)(cryptLen)); | 1453 | (string::size_type)(cryptLen)); |
1446 | #endif | 1454 | #endif |
1447 | delete [] decrypted; | 1455 | delete [] decrypted; |
1448 | if (algo == PWM_CRYPT_BLOWFISH) { | 1456 | if (algo == PWM_CRYPT_BLOWFISH) { |
1449 | if (!Blowfish::unpadNull(d)) { | 1457 | if (!Blowfish::unpadNull(d)) { |
1450 | BUG(); | 1458 | BUG(); |
1451 | return e_readFile; | 1459 | return e_readFile; |
1452 | } | 1460 | } |
1453 | } | 1461 | } |
1454 | return e_success; | 1462 | return e_success; |
1455 | } | 1463 | } |
1456 | 1464 | ||
1457 | PwMerror PwMDoc::checkDataHash(char dataHashType, const string *dataHash, | 1465 | PwMerror PwMDoc::checkDataHash(char dataHashType, const string *dataHash, |
1458 | const string *dataStream) | 1466 | const string *dataStream) |
1459 | { | 1467 | { |
1460 | PWM_ASSERT(dataHash); | 1468 | PWM_ASSERT(dataHash); |
1461 | PWM_ASSERT(dataStream); | 1469 | PWM_ASSERT(dataStream); |
1462 | switch(dataHashType) { | 1470 | switch(dataHashType) { |
1463 | case PWM_HASH_SHA1: { | 1471 | case PWM_HASH_SHA1: { |
1464 | Sha1 hash; | 1472 | Sha1 hash; |
1465 | hash.sha1_write((byte*)dataStream->c_str(), dataStream->length()); | 1473 | hash.sha1_write((byte*)dataStream->c_str(), dataStream->length()); |
1466 | string ret = hash.sha1_read(); | 1474 | string ret = hash.sha1_read(); |
1467 | if (ret != *dataHash) | 1475 | if (ret != *dataHash) |
1468 | return e_fileCorrupt; | 1476 | return e_fileCorrupt; |
1469 | break; | 1477 | break; |
1470 | } | 1478 | } |
1471 | case PWM_HASH_SHA256: | 1479 | case PWM_HASH_SHA256: |
1472 | /*... fall through */ | 1480 | /*... fall through */ |
1473 | case PWM_HASH_SHA384: | 1481 | case PWM_HASH_SHA384: |
1474 | case PWM_HASH_SHA512: | 1482 | case PWM_HASH_SHA512: |
1475 | case PWM_HASH_MD5: | 1483 | case PWM_HASH_MD5: |
1476 | case PWM_HASH_RMD160: | 1484 | case PWM_HASH_RMD160: |
1477 | case PWM_HASH_TIGER: { | 1485 | case PWM_HASH_TIGER: { |
1478 | if (!LibGCryptIf::available()) | 1486 | if (!LibGCryptIf::available()) |
1479 | return e_hashNotImpl; | 1487 | return e_hashNotImpl; |
1480 | LibGCryptIf gc; | 1488 | LibGCryptIf gc; |
1481 | PwMerror err; | 1489 | PwMerror err; |
1482 | unsigned char *buf; | 1490 | unsigned char *buf; |
1483 | size_t hashLen; | 1491 | size_t hashLen; |
1484 | err = gc.hash(&buf, | 1492 | err = gc.hash(&buf, |
1485 | &hashLen, | 1493 | &hashLen, |
1486 | reinterpret_cast<const unsigned char *>(dataStream->c_str()), | 1494 | reinterpret_cast<const unsigned char *>(dataStream->c_str()), |
1487 | dataStream->length(), | 1495 | dataStream->length(), |
1488 | dataHashType); | 1496 | dataHashType); |
1489 | if (err != e_success) | 1497 | if (err != e_success) |
1490 | return e_hashNotImpl; | 1498 | return e_hashNotImpl; |
1491 | string calcHash(reinterpret_cast<const char *>(buf), | 1499 | string calcHash(reinterpret_cast<const char *>(buf), |
1492 | static_cast<string::size_type>(hashLen)); | 1500 | static_cast<string::size_type>(hashLen)); |
1493 | delete [] buf; | 1501 | delete [] buf; |
1494 | if (calcHash != *dataHash) | 1502 | if (calcHash != *dataHash) |
1495 | return e_fileCorrupt; | 1503 | return e_fileCorrupt; |
1496 | break; | 1504 | break; |
1497 | } | 1505 | } |
1498 | default: | 1506 | default: |
1499 | return e_hashNotImpl; | 1507 | return e_hashNotImpl; |
1500 | } | 1508 | } |
1501 | return e_success; | 1509 | return e_success; |
1502 | } | 1510 | } |
1503 | 1511 | ||
1504 | bool PwMDoc::lockAt(unsigned int category, unsigned int index, | 1512 | bool PwMDoc::lockAt(unsigned int category, unsigned int index, |
1505 | bool lock) | 1513 | bool lock) |
1506 | { | 1514 | { |
1507 | if (index >= numEntries(category)) { | 1515 | if (index >= numEntries(category)) { |
1508 | BUG(); | 1516 | BUG(); |
1509 | return false; | 1517 | return false; |
1510 | } | 1518 | } |
1511 | if (lock == dti.dta[category].d[index].lockStat) | 1519 | if (lock == dti.dta[category].d[index].lockStat) |
1512 | return true; | 1520 | return true; |
1513 | 1521 | ||
1514 | if (!lock && currentPw != "") { | 1522 | if (!lock && currentPw != "") { |
1515 | // "unlocking" and "password is already set" | 1523 | // "unlocking" and "password is already set" |
1516 | if (!getDocStatFlag(DOC_STAT_UNLOCK_WITHOUT_PW)) { | 1524 | if (!getDocStatFlag(DOC_STAT_UNLOCK_WITHOUT_PW)) { |
1517 | // unlocking without pw not allowed | 1525 | // unlocking without pw not allowed |
1518 | QString pw; | 1526 | QString pw; |
1519 | pw = requestMpw(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); | 1527 | pw = requestMpw(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); |
1520 | if (pw != "") { | 1528 | if (pw != "") { |
1521 | if (pw != currentPw) { | 1529 | if (pw != currentPw) { |
1522 | wrongMpwMsgBox(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); | 1530 | wrongMpwMsgBox(getDocStatFlag(DOC_STAT_USE_CHIPCARD)); |
diff --git a/pwmanager/pwmanager/pwmdoc.h b/pwmanager/pwmanager/pwmdoc.h index 138dd3d..9fcdda7 100644 --- a/pwmanager/pwmanager/pwmdoc.h +++ b/pwmanager/pwmanager/pwmdoc.h | |||
@@ -643,185 +643,189 @@ public: | |||
643 | void getDataChangedLock() | 643 | void getDataChangedLock() |
644 | { ++dataChangedLock; } | 644 | { ++dataChangedLock; } |
645 | /** put the dataChanged lock */ | 645 | /** put the dataChanged lock */ |
646 | void putDataChangedLock() | 646 | void putDataChangedLock() |
647 | { --dataChangedLock; } | 647 | { --dataChangedLock; } |
648 | /** returns the revision count of the item at cat/index */ | 648 | /** returns the revision count of the item at cat/index */ |
649 | unsigned int getEntryRevCnt(unsigned int category, unsigned int index) | 649 | unsigned int getEntryRevCnt(unsigned int category, unsigned int index) |
650 | { return dti.dta[category].d[index].rev; } | 650 | { return dti.dta[category].d[index].rev; } |
651 | /** returns a const pointer to the entries meta */ | 651 | /** returns a const pointer to the entries meta */ |
652 | const PwMMetaData * getEntryMeta(unsigned int category, unsigned int index) | 652 | const PwMMetaData * getEntryMeta(unsigned int category, unsigned int index) |
653 | { return &(dti.dta[category].d[index].meta); } | 653 | { return &(dti.dta[category].d[index].meta); } |
654 | /** is the entry at "category" "index" a binary entry? */ | 654 | /** is the entry at "category" "index" a binary entry? */ |
655 | bool isBinEntry(unsigned int category, unsigned int index) | 655 | bool isBinEntry(unsigned int category, unsigned int index) |
656 | { return dti.dta[category].d[index].binary; } | 656 | { return dti.dta[category].d[index].binary; } |
657 | 657 | ||
658 | public slots: | 658 | public slots: |
659 | /** wrapper for PwMTray */ | 659 | /** wrapper for PwMTray */ |
660 | void _deepUnlock(); | 660 | void _deepUnlock(); |
661 | 661 | ||
662 | signals: | 662 | signals: |
663 | /** the data of the document has changed and must be updated | 663 | /** the data of the document has changed and must be updated |
664 | * in all views. | 664 | * in all views. |
665 | * NOTE: use emitDataChanged(PwMDoc *document) to emit this signal! | 665 | * NOTE: use emitDataChanged(PwMDoc *document) to emit this signal! |
666 | */ | 666 | */ |
667 | void dataChanged(PwMDoc *document); | 667 | void dataChanged(PwMDoc *document); |
668 | /** the document class is going to close. This signal may be | 668 | /** the document class is going to close. This signal may be |
669 | * used to nofify all views, that the user closed the document, | 669 | * used to nofify all views, that the user closed the document, |
670 | * so the views can go down, too. | 670 | * so the views can go down, too. |
671 | */ | 671 | */ |
672 | void docClosed(PwMDoc *document); | 672 | void docClosed(PwMDoc *document); |
673 | /** somebody just opened the document */ | 673 | /** somebody just opened the document */ |
674 | void docOpened(PwMDoc *document); | 674 | void docOpened(PwMDoc *document); |
675 | /** this document object just got created */ | 675 | /** this document object just got created */ |
676 | void docCreated(PwMDoc *document); | 676 | void docCreated(PwMDoc *document); |
677 | 677 | ||
678 | public: | 678 | public: |
679 | /** emit the dataChanged signal after checking for a lock */ | 679 | /** emit the dataChanged signal after checking for a lock */ |
680 | void emitDataChanged(PwMDoc *document) | 680 | void emitDataChanged(PwMDoc *document) |
681 | { | 681 | { |
682 | if (!dataChangedLock) | 682 | if (!dataChangedLock) |
683 | emit dataChanged(document); | 683 | emit dataChanged(document); |
684 | } | 684 | } |
685 | 685 | ||
686 | protected: | 686 | protected: |
687 | /** current file for this doc */ | 687 | /** current file for this doc */ |
688 | QString filename; | 688 | QString filename; |
689 | //US ENH: we need a place where we keep the syncentries. So I invented | 689 | //US ENH: we need a place where we keep the syncentries. So I invented |
690 | // struct PwMItem, that has a vector of PwMCategoryItem and vector of PwMSyncItem | 690 | // struct PwMItem, that has a vector of PwMCategoryItem and vector of PwMSyncItem |
691 | /** holds all data */ | 691 | /** holds all data */ |
692 | PwMItem dti; | 692 | PwMItem dti; |
693 | /** maximum number of entries */ | 693 | /** maximum number of entries */ |
694 | unsigned int maxEntries; | 694 | unsigned int maxEntries; |
695 | /** currently used password to encrypt data */ | 695 | /** currently used password to encrypt data */ |
696 | QString currentPw; | 696 | QString currentPw; |
697 | /** current global document status flags */ | 697 | /** current global document status flags */ |
698 | unsigned int curDocStat; | 698 | unsigned int curDocStat; |
699 | /** browser process for goToURL() */ | 699 | /** browser process for goToURL() */ |
700 | KProcess browserProc; | 700 | KProcess browserProc; |
701 | /** pointer to the list-view, using this document. | 701 | /** pointer to the list-view, using this document. |
702 | * As there can only be one list-view per doc, we | 702 | * As there can only be one list-view per doc, we |
703 | * don't need a list here. | 703 | * don't need a list here. |
704 | */ | 704 | */ |
705 | PwMView *listView; | 705 | PwMView *listView; |
706 | /** unnamedNum is used to store the "unnamed counter" | 706 | /** unnamedNum is used to store the "unnamed counter" |
707 | * for this document, while it's unnamed. If it's 0, | 707 | * for this document, while it's unnamed. If it's 0, |
708 | * we have to get a new unique one. | 708 | * we have to get a new unique one. |
709 | */ | 709 | */ |
710 | unsigned int unnamedNum; | 710 | unsigned int unnamedNum; |
711 | /** is this doc going to be deleted (executing in destructor context) */ | 711 | /** is this doc going to be deleted (executing in destructor context) */ |
712 | bool deleted; | 712 | bool deleted; |
713 | /** document timer */ | 713 | /** document timer */ |
714 | DocTimer *_timer; | 714 | DocTimer *_timer; |
715 | /** lock counter for the "dataChanged" signal */ | 715 | /** lock counter for the "dataChanged" signal */ |
716 | unsigned int dataChangedLock; | 716 | unsigned int dataChangedLock; |
717 | 717 | ||
718 | /** list of all open documents */ | 718 | /** list of all open documents */ |
719 | static PwMDocList openDocList; | 719 | static PwMDocList openDocList; |
720 | 720 | ||
721 | protected: | 721 | protected: |
722 | /** serialize "dta" and return it in "d". */ | 722 | /** serialize "dta" and return it in "d". */ |
723 | bool serializeDta(string *d); | 723 | bool serializeDta(string *d); |
724 | /** de-serialize "d" and overwrite "dta" */ | 724 | /** de-serialize "d" and overwrite "dta" */ |
725 | bool deSerializeDta(const string *d, bool entriesLocked); | 725 | bool deSerializeDta(const string *d, bool entriesLocked); |
726 | /** write header to file */ | 726 | /** write header to file */ |
727 | PwMerror writeFileHeader(char keyHash, char dataHash, char crypt, char compress, | 727 | PwMerror writeFileHeader(char keyHash, char dataHash, char crypt, char compress, |
728 | QString *pw, QFile *f); | 728 | QString *pw, QFile *f); |
729 | /** write data-hash to file */ | 729 | /** write data-hash to file */ |
730 | PwMerror writeDataHash(char dataHash, string *d, QFile *f); | 730 | PwMerror writeDataHash(char dataHash, string *d, QFile *f); |
731 | /** check header. Read header info and verify key-hash and filever. | 731 | /** check header. Read header info and verify key-hash and filever. |
732 | * returns length of header in "headerLength" */ | 732 | * returns length of header in "headerLength" */ |
733 | PwMerror checkHeader(char *cryptAlgo, QString *pw, char *compress, | 733 | PwMerror checkHeader(char *cryptAlgo, QString *pw, char *compress, |
734 | unsigned int *headerLength, char *dataHashType, | 734 | unsigned int *headerLength, char *dataHashType, |
735 | string *dataHash, QFile *f); | 735 | string *dataHash, QFile *f); |
736 | /** check the data-hash */ | 736 | /** check the data-hash */ |
737 | PwMerror checkDataHash(char dataHashType, const string *dataHash, const string *dataStream); | 737 | PwMerror checkDataHash(char dataHashType, const string *dataHash, const string *dataStream); |
738 | /** encrypt data "d" and write to "filename" */ | 738 | /** encrypt data "d" and write to "filename" */ |
739 | PwMerror encrypt(string *d, const QString *pw, QFile *f, char algo); | 739 | PwMerror encrypt(string *d, const QString *pw, QFile *f, char algo, |
740 | char _hashalgo //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
741 | ); | ||
740 | /** read data from file beginning at "pos", decrypt and return it */ | 742 | /** read data from file beginning at "pos", decrypt and return it */ |
741 | PwMerror decrypt(string *d, unsigned int pos, const QString *pw, char algo, QFile *f); | 743 | PwMerror decrypt(string *d, unsigned int pos, const QString *pw, char algo, |
744 | char _hashalgo, //US BUG: pass _hashalgo because we need it in hashPassphrase | ||
745 | QFile *f); | ||
742 | /** compress the data */ | 746 | /** compress the data */ |
743 | bool compressDta(string *d, char algo); | 747 | bool compressDta(string *d, char algo); |
744 | /** uncompress the data */ | 748 | /** uncompress the data */ |
745 | bool decompressDta(string *d, char algo); | 749 | bool decompressDta(string *d, char algo); |
746 | /** internal import function for a text-file generated by PwM. | 750 | /** internal import function for a text-file generated by PwM. |
747 | * If this is not a valid PwM-exported file, it returns e_fileFormat */ | 751 | * If this is not a valid PwM-exported file, it returns e_fileFormat */ |
748 | PwMerror importText_PwM(const QString *file); | 752 | PwMerror importText_PwM(const QString *file); |
749 | /** PwM-text-import helper function to extract the name/pw/comment out | 753 | /** PwM-text-import helper function to extract the name/pw/comment out |
750 | * of one entry-line */ | 754 | * of one entry-line */ |
751 | bool textExtractEntry_PwM(const char *in, ssize_t in_size, string *out); | 755 | bool textExtractEntry_PwM(const char *in, ssize_t in_size, string *out); |
752 | /** compare two strings */ | 756 | /** compare two strings */ |
753 | bool compareString(const string &s1, const string &s2, bool caseSensitive, | 757 | bool compareString(const string &s1, const string &s2, bool caseSensitive, |
754 | bool exactWordMatch); | 758 | bool exactWordMatch); |
755 | /** clears all document-data */ | 759 | /** clears all document-data */ |
756 | void clearDoc(); | 760 | void clearDoc(); |
757 | /** delete all empty categories */ | 761 | /** delete all empty categories */ |
758 | void delAllEmptyCat(bool dontFlagDirty); | 762 | void delAllEmptyCat(bool dontFlagDirty); |
759 | /** set a document status flag */ | 763 | /** set a document status flag */ |
760 | void setDocStatFlag(unsigned int statFlag) | 764 | void setDocStatFlag(unsigned int statFlag) |
761 | { curDocStat |= statFlag; } | 765 | { curDocStat |= statFlag; } |
762 | /** unset a document status flag */ | 766 | /** unset a document status flag */ |
763 | void unsetDocStatFlag(unsigned int statFlag) | 767 | void unsetDocStatFlag(unsigned int statFlag) |
764 | { curDocStat &= ~statFlag; } | 768 | { curDocStat &= ~statFlag; } |
765 | /** get a document status flag */ | 769 | /** get a document status flag */ |
766 | bool getDocStatFlag(unsigned int statFlag) const | 770 | bool getDocStatFlag(unsigned int statFlag) const |
767 | { return (curDocStat & statFlag); } | 771 | { return (curDocStat & statFlag); } |
768 | /** set the "currentPassword" */ | 772 | /** set the "currentPassword" */ |
769 | void setCurrentPw(const QString &pw) | 773 | void setCurrentPw(const QString &pw) |
770 | { | 774 | { |
771 | currentPw = pw; | 775 | currentPw = pw; |
772 | setDocStatFlag(DOC_STAT_DISK_DIRTY); | 776 | setDocStatFlag(DOC_STAT_DISK_DIRTY); |
773 | } | 777 | } |
774 | /** make a backup-copy of the given file */ | 778 | /** make a backup-copy of the given file */ |
775 | bool backupFile(const QString &filePath); | 779 | bool backupFile(const QString &filePath); |
776 | /** copy a file from src to dst */ | 780 | /** copy a file from src to dst */ |
777 | bool copyFile(const QString &src, const QString &dst); | 781 | bool copyFile(const QString &src, const QString &dst); |
778 | 782 | ||
779 | 783 | ||
780 | public: | 784 | public: |
781 | #ifdef PWM_EMBEDDED | 785 | #ifdef PWM_EMBEDDED |
782 | //US ENH: this is the magic function that syncronizes the local doc with the remote doc. | 786 | //US ENH: this is the magic function that syncronizes the local doc with the remote doc. |
783 | PwMerror syncronize(KSyncManager* manager, PwMDoc* syncLocal, PwMDoc* syncRemote, int mode ); | 787 | PwMerror syncronize(KSyncManager* manager, PwMDoc* syncLocal, PwMDoc* syncRemote, int mode ); |
784 | 788 | ||
785 | //takePwMDataItem returns the following values | 789 | //takePwMDataItem returns the following values |
786 | // 0 equal | 790 | // 0 equal |
787 | // 1 take local | 791 | // 1 take local |
788 | // 2 take remote | 792 | // 2 take remote |
789 | // 3 cancel | 793 | // 3 cancel |
790 | int takePwMDataItem( PwMDataItem* local, PwMDataItem* remote, QDateTime lastSync, int mode , bool full ); | 794 | int takePwMDataItem( PwMDataItem* local, PwMDataItem* remote, QDateTime lastSync, int mode , bool full ); |
791 | 795 | ||
792 | //the following methods are the overwritten callbackmethods from the syncinterface | 796 | //the following methods are the overwritten callbackmethods from the syncinterface |
793 | virtual bool sync(KSyncManager* manager, QString filename, int mode); | 797 | virtual bool sync(KSyncManager* manager, QString filename, int mode); |
794 | virtual void removeSyncInfo( QString syncProfile); | 798 | virtual void removeSyncInfo( QString syncProfile); |
795 | 799 | ||
796 | #endif | 800 | #endif |
797 | //US ENH: helpermethods to return a whole category entry | 801 | //US ENH: helpermethods to return a whole category entry |
798 | /** returns a pointer to the categoryitem */ | 802 | /** returns a pointer to the categoryitem */ |
799 | PwMCategoryItem* getCategoryEntry(unsigned int index) | 803 | PwMCategoryItem* getCategoryEntry(unsigned int index) |
800 | { return &(dti.dta[index]); } | 804 | { return &(dti.dta[index]); } |
801 | 805 | ||
802 | private: | 806 | private: |
803 | //US ENH: helpermethods to access the sync data for a certain syncname. | 807 | //US ENH: helpermethods to access the sync data for a certain syncname. |
804 | // It returns the syncdatas index | 808 | // It returns the syncdatas index |
805 | bool findSyncData(const QString &syncname, unsigned int *index); | 809 | bool findSyncData(const QString &syncname, unsigned int *index); |
806 | 810 | ||
807 | /** add new syncdataentry */ | 811 | /** add new syncdataentry */ |
808 | PwMerror addSyncDataEntry(PwMSyncItem *d, bool dontFlagDirty = false); | 812 | PwMerror addSyncDataEntry(PwMSyncItem *d, bool dontFlagDirty = false); |
809 | 813 | ||
810 | /** returns a pointer to the syncdata */ | 814 | /** returns a pointer to the syncdata */ |
811 | PwMSyncItem* getSyncDataEntry(unsigned int index) | 815 | PwMSyncItem* getSyncDataEntry(unsigned int index) |
812 | { return &(dti.syncDta[index]); } | 816 | { return &(dti.syncDta[index]); } |
813 | 817 | ||
814 | /** delete entry */ | 818 | /** delete entry */ |
815 | bool delSyncDataEntry(unsigned int index, bool dontFlagDirty = false); | 819 | bool delSyncDataEntry(unsigned int index, bool dontFlagDirty = false); |
816 | 820 | ||
817 | /** returns number of categories */ | 821 | /** returns number of categories */ |
818 | unsigned int numSyncDataEntries() | 822 | unsigned int numSyncDataEntries() |
819 | { return dti.syncDta.size(); } | 823 | { return dti.syncDta.size(); } |
820 | 824 | ||
821 | PwMDataItem* findEntryByID(const QString &uid, unsigned int *category, unsigned int *index); | 825 | PwMDataItem* findEntryByID(const QString &uid, unsigned int *category, unsigned int *index); |
822 | 826 | ||
823 | QStringList getIDEntryList(); | 827 | QStringList getIDEntryList(); |
824 | 828 | ||
825 | }; | 829 | }; |
826 | 830 | ||
827 | #endif | 831 | #endif |