180f6f4ecb7eb657301a05254e04f08e8c513fbc
[claws.git] / src / password.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 2016 The Claws Mail Team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  *
18  */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #include "claws-features.h"
23 #endif
24
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
28 #endif
29
30 #include <glib.h>
31 #include <glib/gi18n.h>
32
33 #ifdef G_OS_UNIX
34 #include <fcntl.h>
35 #include <unistd.h>
36 #endif
37
38 #include "common/passcrypt.h"
39 #include "common/utils.h"
40 #include "account.h"
41 #include "alertpanel.h"
42 #include "inputdialog.h"
43 #include "password.h"
44 #include "prefs_common.h"
45
46 #ifndef PASSWORD_CRYPTO_OLD
47 static gchar *_master_password = NULL;
48
49 static const gchar *master_password()
50 {
51         gchar *input;
52         gboolean end = FALSE;
53
54         if (!prefs_common_get_prefs()->use_master_password) {
55                 return PASSCRYPT_KEY;
56         }
57
58         if (_master_password != NULL) {
59                 debug_print("Master password is in memory, offering it.\n");
60                 return _master_password;
61         }
62
63         while (!end) {
64                 input = input_dialog_with_invisible(_("Input master password"),
65                                 _("Input master password"), NULL);
66
67                 if (input == NULL) {
68                         debug_print("Cancel pressed at master password dialog.\n");
69                         break;
70                 }
71
72                 if (master_password_is_correct(input)) {
73                         debug_print("Entered master password seems to be correct, remembering it.\n");
74                         _master_password = input;
75                         end = TRUE;
76                 } else {
77                         alertpanel_error(_("Incorrect master password."));
78                 }
79         }
80
81         return _master_password;
82 }
83
84 const gboolean master_password_is_set()
85 {
86         if (prefs_common_get_prefs()->master_password_hash == NULL
87                         || strlen(prefs_common_get_prefs()->master_password_hash) == 0)
88                 return FALSE;
89
90         return TRUE;
91 }
92
93 const gboolean master_password_is_correct(const gchar *input)
94 {
95         gchar *hash;
96         gchar *stored_hash = prefs_common_get_prefs()->master_password_hash;
97         const GChecksumType hashtype = G_CHECKSUM_SHA512;
98         const gssize hashlen = g_checksum_type_get_length(hashtype);
99         gssize stored_len;
100
101         g_return_val_if_fail(input != NULL, FALSE);
102
103         if (stored_hash == NULL)
104                 return FALSE;
105
106         stored_len = strlen(stored_hash);
107         g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
108
109         hash = g_compute_checksum_for_string(hashtype, input, -1);
110
111         if (!strncasecmp(hash, stored_hash, stored_len)) {
112                 g_free(hash);
113                 return TRUE;
114         }
115         g_free(hash);
116
117         return FALSE;
118 }
119
120 void master_password_change(const gchar *newp)
121 {
122         gchar *pwd, *newpwd;
123         const gchar *oldp;
124         GList *cur;
125         PrefsAccount *acc;
126
127         oldp = master_password();
128         g_return_if_fail(oldp != NULL);
129
130         /* Update master password hash in prefs */
131         if (prefs_common_get_prefs()->master_password_hash != NULL)
132                 g_free(prefs_common_get_prefs()->master_password_hash);
133
134         if (newp != NULL) {
135                 debug_print("Storing hash of new master password\n");
136                 prefs_common_get_prefs()->master_password_hash =
137                         g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
138         } else {
139                 debug_print("Setting master_password_hash to NULL\n");
140                 prefs_common_get_prefs()->master_password_hash = NULL;
141         }
142
143         /* Now go over all accounts, reencrypting their passwords using
144          * the new master password. */
145
146         if (oldp == NULL)
147                 oldp = PASSCRYPT_KEY;
148         if (newp == NULL)
149                 newp = PASSCRYPT_KEY;
150
151         debug_print("Reencrypting all account passwords...\n");
152         for (cur = account_get_list(); cur != NULL; cur = cur->next) {
153                 acc = (PrefsAccount *)cur->data;
154                 debug_print("account %s\n", acc->account_name);
155
156                 /* Password for receiving */
157                 if (acc->passwd != NULL && strlen(acc->passwd) > 0) {
158                         pwd = password_decrypt(acc->passwd, oldp);
159                         if (pwd == NULL) {
160                                 debug_print("failed to decrypt recv password with old master password\n");
161                         } else {
162                                 newpwd = password_encrypt(pwd, newp);
163                                 memset(pwd, 0, strlen(pwd));
164                                 g_free(pwd);
165                                 if (newpwd == NULL) {
166                                         debug_print("failed to encrypt recv password with new master password\n");
167                                 } else {
168                                         g_free(acc->passwd);
169                                         acc->passwd = newpwd;
170                                 }
171                         }
172                 }
173
174                 /* Password for sending */
175                 if (acc->smtp_passwd != NULL && strlen(acc->smtp_passwd) > 0) {
176                         pwd = password_decrypt(acc->smtp_passwd, oldp);
177                         if (pwd == NULL) {
178                                 debug_print("failed to decrypt smtp password with old master password\n");
179                         } else {
180                                 newpwd = password_encrypt(pwd, newp);
181                                 memset(pwd, 0, strlen(pwd));
182                                 g_free(pwd);
183                                 if (newpwd == NULL) {
184                                         debug_print("failed to encrypt smtp password with new master password\n");
185                                 } else {
186                                         g_free(acc->smtp_passwd);
187                                         acc->smtp_passwd = newpwd;
188                                 }
189                         }
190                 }
191         }
192
193         /* If master password is currently in memory (entered by user),
194          * get rid of it. User will have to enter the new one again. */
195         if (_master_password != NULL) {
196                 memset(_master_password, 0, strlen(_master_password));
197                 g_free(_master_password);
198         }
199         _master_password = NULL;
200 }
201 #endif
202
203 gchar *password_encrypt_old(const gchar *password)
204 {
205         if (!password || strlen(password) == 0) {
206                 return NULL;
207         }
208
209         gchar *encrypted = g_strdup(password);
210         gchar *encoded, *result;
211         gsize len = strlen(password);
212
213         passcrypt_encrypt(encrypted, len);
214         encoded = g_base64_encode(encrypted, len);
215         g_free(encrypted);
216         result = g_strconcat("!", encoded, NULL);
217         g_free(encoded);
218
219         return result;
220 }
221
222 gchar *password_decrypt_old(const gchar *password)
223 {
224         if (!password || strlen(password) == 0) {
225                 return NULL;
226         }
227
228         if (*password != '!' || strlen(password) < 2) {
229                 return NULL;
230         }
231
232         gsize len;
233         gchar *decrypted = g_base64_decode(password + 1, &len);
234
235         passcrypt_decrypt(decrypted, len);
236         return decrypted;
237 }
238
239 #ifdef PASSWORD_CRYPTO_GNUTLS
240 #define BUFSIZE 128
241
242 gchar *password_encrypt_gnutls(const gchar *password,
243                 const gchar *encryption_password)
244 {
245         /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
246          * Any block cipher in CBC mode with keysize N and a hash algo with
247          * digest length 2*N would do. */
248         gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
249         gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
250         gnutls_cipher_hd_t handle;
251         gnutls_datum_t key, iv;
252         int ivlen, keylen, digestlen, blocklen, ret, i;
253         unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
254 #ifdef G_OS_UNIX
255         int rnd;
256 #endif
257
258         g_return_val_if_fail(password != NULL, NULL);
259         g_return_val_if_fail(encryption_password != NULL, NULL);
260
261         ivlen = gnutls_cipher_get_iv_size(algo);
262         keylen = gnutls_cipher_get_key_size(algo);
263         blocklen = gnutls_cipher_get_block_size(algo);
264         digestlen = gnutls_hash_get_len(digest);
265
266         /* Prepare key for cipher - first half of hash of passkey XORed with
267          * the second. */
268         memset(&hashbuf, 0, BUFSIZE);
269         if ((ret = gnutls_hash_fast(digest, encryption_password,
270                                         strlen(encryption_password), &hashbuf)) < 0) {
271                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
272                 return NULL;
273         }
274         for (i = 0; i < digestlen/2; i++) {
275                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
276         }
277
278         key.data = malloc(keylen);
279         memcpy(key.data, &hashbuf, keylen);
280         key.size = keylen;
281
282 #ifdef G_OS_UNIX
283         /* Prepare our source of random data. */
284         rnd = open("/dev/urandom", O_RDONLY);
285         if (rnd == -1) {
286                 perror("fopen on /dev/urandom");
287                 g_free(key.data);
288                 g_free(iv.data);
289                 return NULL;
290         }
291 #endif
292
293         /* Prepare random IV for cipher */
294         iv.data = malloc(ivlen);
295         iv.size = ivlen;
296 #ifdef G_OS_UNIX
297         ret = read(rnd, iv.data, ivlen);
298         if (ret != ivlen) {
299                 perror("read into iv");
300                 g_free(key.data);
301                 g_free(iv.data);
302                 close(rnd);
303                 return NULL;
304         }
305 #endif
306
307         /* Initialize the encryption */
308         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
309         if (ret < 0) {
310                 g_free(key.data);
311                 g_free(iv.data);
312 #ifdef G_OS_UNIX
313                 close(rnd);
314 #endif
315                 return NULL;
316         }
317
318         /* Fill buf with one block of random data, our password, pad the
319          * rest with zero bytes. */
320         buf = malloc(BUFSIZE + blocklen);
321         memset(buf, 0, BUFSIZE);
322 #ifdef G_OS_UNIX
323         ret = read(rnd, buf, blocklen);
324         if (ret != blocklen) {
325                 perror("read into buffer");
326                 g_free(buf);
327                 g_free(key.data);
328                 g_free(iv.data);
329                 close(rnd);
330                 gnutls_cipher_deinit(handle);
331                 return NULL;
332         }
333
334         /* We don't need any more random data. */
335         close(rnd);
336 #endif
337
338         memcpy(buf + blocklen, password, strlen(password));
339
340         /* Encrypt into encbuf */
341         encbuf = malloc(BUFSIZE + blocklen);
342         memset(encbuf, 0, BUFSIZE + blocklen);
343         ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
344                         encbuf, BUFSIZE + blocklen);
345         if (ret < 0) {
346                 g_free(key.data);
347                 g_free(iv.data);
348                 g_free(buf);
349                 g_free(encbuf);
350                 gnutls_cipher_deinit(handle);
351                 return NULL;
352         }
353
354         /* Cleanup */
355         gnutls_cipher_deinit(handle);
356         g_free(key.data);
357         g_free(iv.data);
358         g_free(buf);
359
360         /* And finally prepare the resulting string:
361          * "{algorithm}base64encodedciphertext" */
362         base = g_base64_encode(encbuf, BUFSIZE);
363         g_free(encbuf);
364         output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
365         g_free(base);
366
367         return output;
368 }
369
370 gchar *password_decrypt_gnutls(const gchar *password,
371                 const gchar *decryption_password)
372 {
373         gchar **tokens, *tmp;
374         gnutls_cipher_algorithm_t algo;
375         gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
376         gnutls_cipher_hd_t handle;
377         gnutls_datum_t key, iv;
378         int ivlen, keylen, digestlen, blocklen, ret, i;
379         gsize len;
380         unsigned char hashbuf[BUFSIZE], *buf;
381 #ifdef G_OS_UNIX
382         int rnd;
383 #endif
384
385         g_return_val_if_fail(password != NULL, NULL);
386         g_return_val_if_fail(decryption_password != NULL, NULL);
387
388         tokens = g_strsplit_set(password, "{}", 3);
389
390         /* Parse the string, retrieving algorithm and encrypted data.
391          * We expect "{algorithm}base64encodedciphertext". */
392         if (strlen(tokens[0]) != 0 ||
393                         (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
394                         strlen(tokens[2]) == 0)
395                 return NULL;
396
397         /* Our hash algo needs to have digest length twice as long as our
398          * cipher algo's key length. */
399         if (algo == GNUTLS_CIPHER_AES_256_CBC) {
400                 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
401                 digest = GNUTLS_DIG_SHA512;
402         } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
403                 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
404                 digest = GNUTLS_DIG_SHA256;
405         }
406         if (digest == GNUTLS_DIG_UNKNOWN) {
407                 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
408                 g_strfreev(tokens);
409                 return NULL;
410         }
411
412         ivlen = gnutls_cipher_get_iv_size(algo);
413         keylen = gnutls_cipher_get_key_size(algo);
414         blocklen = gnutls_cipher_get_block_size(algo);
415         digestlen = gnutls_hash_get_len(digest);
416
417         /* Prepare key for cipher - first half of hash of passkey XORed with
418          * the second. AES-256 has key length 32 and length of SHA-512 hash
419          * is exactly twice that, 64. */
420         memset(&hashbuf, 0, BUFSIZE);
421         if ((ret = gnutls_hash_fast(digest, decryption_password,
422                                         strlen(decryption_password), &hashbuf)) < 0) {
423                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
424                 g_strfreev(tokens);
425                 return NULL;
426         }
427         for (i = 0; i < digestlen/2; i++) {
428                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
429         }
430
431         key.data = malloc(keylen);
432         memcpy(key.data, &hashbuf, keylen);
433         key.size = keylen;
434
435 #ifdef G_OS_UNIX
436         /* Prepare our source of random data. */
437         rnd = open("/dev/urandom", O_RDONLY);
438         if (rnd == -1) {
439                 perror("fopen on /dev/urandom");
440                 g_free(key.data);
441                 g_free(iv.data);
442                 g_strfreev(tokens);
443                 return NULL;
444         }
445 #endif
446
447         /* Prepare random IV for cipher */
448         iv.data = malloc(ivlen);
449         iv.size = ivlen;
450 #ifdef G_OS_UNIX
451         ret = read(rnd, iv.data, ivlen);
452         if (ret != ivlen) {
453                 perror("read into iv");
454                 g_free(key.data);
455                 g_free(iv.data);
456                 g_strfreev(tokens);
457                 close(rnd);
458                 return NULL;
459         }
460
461         /* We don't need any more random data. */
462         close(rnd);
463 #endif
464
465         /* Prepare encrypted password string for decryption. */
466         tmp = g_base64_decode(tokens[2], &len);
467         g_strfreev(tokens);
468
469         /* Initialize the decryption */
470         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
471         if (ret < 0) {
472                 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
473                 g_free(key.data);
474                 g_free(iv.data);
475                 return NULL;
476         }
477
478         buf = malloc(BUFSIZE + blocklen);
479         memset(buf, 0, BUFSIZE + blocklen);
480         ret = gnutls_cipher_decrypt2(handle, tmp, len,
481                         buf, BUFSIZE + blocklen);
482         if (ret < 0) {
483                 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
484                 g_free(key.data);
485                 g_free(iv.data);
486                 g_free(buf);
487                 gnutls_cipher_deinit(handle);
488                 return NULL;
489         }
490
491         /* Cleanup */
492         gnutls_cipher_deinit(handle);
493         g_free(key.data);
494         g_free(iv.data);
495
496         tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
497         g_free(buf);
498         return tmp;
499 }
500
501 #undef BUFSIZE
502
503 #endif
504
505 gchar *password_encrypt(const gchar *password,
506                 const gchar *encryption_password)
507 {
508         if (password == NULL || strlen(password) == 0) {
509                 return NULL;
510         }
511
512 #ifndef PASSWORD_CRYPTO_OLD
513         if (encryption_password == NULL)
514                 encryption_password = master_password();
515
516         return password_encrypt_real(password, encryption_password);
517 #endif
518
519         return password_encrypt_old(password);
520 }
521
522 gchar *password_decrypt(const gchar *password,
523                 const gchar *decryption_password)
524 {
525         if (password == NULL || strlen(password) == 0) {
526                 return NULL;
527         }
528
529         /* First, check if the password was possibly decrypted using old,
530          * obsolete method */
531         if (*password == '!') {
532                 debug_print("Trying to decrypt password using the old method...\n");
533                 return password_decrypt_old(password);
534         }
535
536         /* Try available crypto backend */
537 #ifndef PASSWORD_CRYPTO_OLD
538         if (decryption_password == NULL)
539                 decryption_password = master_password();
540
541         if (*password == '{') {
542                 debug_print("Trying to decrypt password...\n");
543                 return password_decrypt_real(password, decryption_password);
544         }
545 #endif
546
547         /* Fallback, in case the configuration is really old and
548          * stored password in plaintext */
549         debug_print("Assuming password was stored plaintext, returning it unchanged\n");
550         return g_strdup(password);
551 }