4f9ee16e38646d9aa7bc690bd04b97a5fc5da1fd
[claws.git] / src / password.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 2016 The Claws Mail Team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  *
18  */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #include "claws-features.h"
23 #endif
24
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
28 #endif
29
30 #include <glib.h>
31 #include <glib/gi18n.h>
32
33 #ifdef G_OS_UNIX
34 #include <fcntl.h>
35 #include <unistd.h>
36 #endif
37
38 #include "common/passcrypt.h"
39 #include "common/plugin.h"
40 #include "common/utils.h"
41 #include "account.h"
42 #include "alertpanel.h"
43 #include "inputdialog.h"
44 #include "password.h"
45 #include "prefs_common.h"
46
47 #ifndef PASSWORD_CRYPTO_OLD
48 static gchar *_master_password = NULL;
49
50 static const gchar *master_password()
51 {
52         gchar *input;
53         gboolean end = FALSE;
54
55         if (!prefs_common_get_prefs()->use_master_password) {
56                 return PASSCRYPT_KEY;
57         }
58
59         if (_master_password != NULL) {
60                 debug_print("Master password is in memory, offering it.\n");
61                 return _master_password;
62         }
63
64         while (!end) {
65                 input = input_dialog_with_invisible(_("Input master password"),
66                                 _("Input master password"), NULL);
67
68                 if (input == NULL) {
69                         debug_print("Cancel pressed at master password dialog.\n");
70                         break;
71                 }
72
73                 if (master_password_is_correct(input)) {
74                         debug_print("Entered master password seems to be correct, remembering it.\n");
75                         _master_password = input;
76                         end = TRUE;
77                 } else {
78                         alertpanel_error(_("Incorrect master password."));
79                 }
80         }
81
82         return _master_password;
83 }
84
85 const gboolean master_password_is_set()
86 {
87         if (prefs_common_get_prefs()->master_password_hash == NULL
88                         || strlen(prefs_common_get_prefs()->master_password_hash) == 0)
89                 return FALSE;
90
91         return TRUE;
92 }
93
94 const gboolean master_password_is_correct(const gchar *input)
95 {
96         gchar *hash;
97         gchar *stored_hash = prefs_common_get_prefs()->master_password_hash;
98         const GChecksumType hashtype = G_CHECKSUM_SHA512;
99         const gssize hashlen = g_checksum_type_get_length(hashtype);
100         gssize stored_len;
101
102         g_return_val_if_fail(input != NULL, FALSE);
103
104         if (stored_hash == NULL)
105                 return FALSE;
106
107         stored_len = strlen(stored_hash);
108         g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
109
110         hash = g_compute_checksum_for_string(hashtype, input, -1);
111
112         if (!strncasecmp(hash, stored_hash, stored_len)) {
113                 g_free(hash);
114                 return TRUE;
115         }
116         g_free(hash);
117
118         return FALSE;
119 }
120
121 gboolean master_password_is_entered()
122 {
123         return (_master_password == NULL) ? FALSE : TRUE;
124 }
125
126 void master_password_forget()
127 {
128         /* If master password is currently in memory (entered by user),
129          * get rid of it. User will have to enter the new one again. */
130         if (_master_password != NULL) {
131                 memset(_master_password, 0, strlen(_master_password));
132                 g_free(_master_password);
133         }
134         _master_password = NULL;
135 }
136
137 void master_password_change(const gchar *newp)
138 {
139         gchar *pwd, *newpwd;
140         const gchar *oldp;
141         GList *cur;
142         PrefsAccount *acc;
143
144         /* Make sure the user has to enter the master password before
145          * being able to change it. */
146         master_password_forget();
147
148         oldp = master_password();
149         g_return_if_fail(oldp != NULL);
150
151         /* Update master password hash in prefs */
152         if (prefs_common_get_prefs()->master_password_hash != NULL)
153                 g_free(prefs_common_get_prefs()->master_password_hash);
154
155         if (newp != NULL) {
156                 debug_print("Storing hash of new master password\n");
157                 prefs_common_get_prefs()->master_password_hash =
158                         g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
159         } else {
160                 debug_print("Setting master_password_hash to NULL\n");
161                 prefs_common_get_prefs()->master_password_hash = NULL;
162         }
163
164         /* Now go over all accounts, reencrypting their passwords using
165          * the new master password. */
166
167         if (oldp == NULL)
168                 oldp = PASSCRYPT_KEY;
169         if (newp == NULL)
170                 newp = PASSCRYPT_KEY;
171
172         debug_print("Reencrypting all account passwords...\n");
173         for (cur = account_get_list(); cur != NULL; cur = cur->next) {
174                 acc = (PrefsAccount *)cur->data;
175                 debug_print("account %s\n", acc->account_name);
176
177                 /* Password for receiving */
178                 if (acc->passwd != NULL && strlen(acc->passwd) > 0) {
179                         pwd = password_decrypt(acc->passwd, oldp);
180                         if (pwd == NULL) {
181                                 debug_print("failed to decrypt recv password with old master password\n");
182                         } else {
183                                 newpwd = password_encrypt(pwd, newp);
184                                 memset(pwd, 0, strlen(pwd));
185                                 g_free(pwd);
186                                 if (newpwd == NULL) {
187                                         debug_print("failed to encrypt recv password with new master password\n");
188                                 } else {
189                                         g_free(acc->passwd);
190                                         acc->passwd = newpwd;
191                                 }
192                         }
193                 }
194
195                 /* Password for sending */
196                 if (acc->smtp_passwd != NULL && strlen(acc->smtp_passwd) > 0) {
197                         pwd = password_decrypt(acc->smtp_passwd, oldp);
198                         if (pwd == NULL) {
199                                 debug_print("failed to decrypt smtp password with old master password\n");
200                         } else {
201                                 newpwd = password_encrypt(pwd, newp);
202                                 memset(pwd, 0, strlen(pwd));
203                                 g_free(pwd);
204                                 if (newpwd == NULL) {
205                                         debug_print("failed to encrypt smtp password with new master password\n");
206                                 } else {
207                                         g_free(acc->smtp_passwd);
208                                         acc->smtp_passwd = newpwd;
209                                 }
210                         }
211                 }
212         }
213
214         /* Now reencrypt all plugins passwords fields 
215          * FIXME: Unloaded plugins won't be able to update their stored passwords
216          */
217         plugins_master_password_change(oldp, newp);
218
219         master_password_forget();
220 }
221 #endif
222
223 gchar *password_encrypt_old(const gchar *password)
224 {
225         if (!password || strlen(password) == 0) {
226                 return NULL;
227         }
228
229         gchar *encrypted = g_strdup(password);
230         gchar *encoded, *result;
231         gsize len = strlen(password);
232
233         passcrypt_encrypt(encrypted, len);
234         encoded = g_base64_encode(encrypted, len);
235         g_free(encrypted);
236         result = g_strconcat("!", encoded, NULL);
237         g_free(encoded);
238
239         return result;
240 }
241
242 gchar *password_decrypt_old(const gchar *password)
243 {
244         if (!password || strlen(password) == 0) {
245                 return NULL;
246         }
247
248         if (*password != '!' || strlen(password) < 2) {
249                 return NULL;
250         }
251
252         gsize len;
253         gchar *decrypted = g_base64_decode(password + 1, &len);
254
255         passcrypt_decrypt(decrypted, len);
256         return decrypted;
257 }
258
259 #ifdef PASSWORD_CRYPTO_GNUTLS
260 #define BUFSIZE 128
261
262 gchar *password_encrypt_gnutls(const gchar *password,
263                 const gchar *encryption_password)
264 {
265         /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
266          * Any block cipher in CBC mode with keysize N and a hash algo with
267          * digest length 2*N would do. */
268         gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
269         gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
270         gnutls_cipher_hd_t handle;
271         gnutls_datum_t key, iv;
272         int ivlen, keylen, digestlen, blocklen, ret, i;
273         unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
274 #ifdef G_OS_UNIX
275         int rnd;
276 #endif
277
278         g_return_val_if_fail(password != NULL, NULL);
279         g_return_val_if_fail(encryption_password != NULL, NULL);
280
281         ivlen = gnutls_cipher_get_iv_size(algo);
282         keylen = gnutls_cipher_get_key_size(algo);
283         blocklen = gnutls_cipher_get_block_size(algo);
284         digestlen = gnutls_hash_get_len(digest);
285
286         /* Prepare key for cipher - first half of hash of passkey XORed with
287          * the second. */
288         memset(&hashbuf, 0, BUFSIZE);
289         if ((ret = gnutls_hash_fast(digest, encryption_password,
290                                         strlen(encryption_password), &hashbuf)) < 0) {
291                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
292                 return NULL;
293         }
294         for (i = 0; i < digestlen/2; i++) {
295                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
296         }
297
298         key.data = malloc(keylen);
299         memcpy(key.data, &hashbuf, keylen);
300         key.size = keylen;
301
302 #ifdef G_OS_UNIX
303         /* Prepare our source of random data. */
304         rnd = open("/dev/urandom", O_RDONLY);
305         if (rnd == -1) {
306                 perror("fopen on /dev/urandom");
307                 g_free(key.data);
308                 g_free(iv.data);
309                 return NULL;
310         }
311 #endif
312
313         /* Prepare random IV for cipher */
314         iv.data = malloc(ivlen);
315         iv.size = ivlen;
316 #ifdef G_OS_UNIX
317         ret = read(rnd, iv.data, ivlen);
318         if (ret != ivlen) {
319                 perror("read into iv");
320                 g_free(key.data);
321                 g_free(iv.data);
322                 close(rnd);
323                 return NULL;
324         }
325 #endif
326
327         /* Initialize the encryption */
328         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
329         if (ret < 0) {
330                 g_free(key.data);
331                 g_free(iv.data);
332 #ifdef G_OS_UNIX
333                 close(rnd);
334 #endif
335                 return NULL;
336         }
337
338         /* Fill buf with one block of random data, our password, pad the
339          * rest with zero bytes. */
340         buf = malloc(BUFSIZE + blocklen);
341         memset(buf, 0, BUFSIZE);
342 #ifdef G_OS_UNIX
343         ret = read(rnd, buf, blocklen);
344         if (ret != blocklen) {
345                 perror("read into buffer");
346                 g_free(buf);
347                 g_free(key.data);
348                 g_free(iv.data);
349                 close(rnd);
350                 gnutls_cipher_deinit(handle);
351                 return NULL;
352         }
353
354         /* We don't need any more random data. */
355         close(rnd);
356 #endif
357
358         memcpy(buf + blocklen, password, strlen(password));
359
360         /* Encrypt into encbuf */
361         encbuf = malloc(BUFSIZE + blocklen);
362         memset(encbuf, 0, BUFSIZE + blocklen);
363         ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
364                         encbuf, BUFSIZE + blocklen);
365         if (ret < 0) {
366                 g_free(key.data);
367                 g_free(iv.data);
368                 g_free(buf);
369                 g_free(encbuf);
370                 gnutls_cipher_deinit(handle);
371                 return NULL;
372         }
373
374         /* Cleanup */
375         gnutls_cipher_deinit(handle);
376         g_free(key.data);
377         g_free(iv.data);
378         g_free(buf);
379
380         /* And finally prepare the resulting string:
381          * "{algorithm}base64encodedciphertext" */
382         base = g_base64_encode(encbuf, BUFSIZE);
383         g_free(encbuf);
384         output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
385         g_free(base);
386
387         return output;
388 }
389
390 gchar *password_decrypt_gnutls(const gchar *password,
391                 const gchar *decryption_password)
392 {
393         gchar **tokens, *tmp;
394         gnutls_cipher_algorithm_t algo;
395         gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
396         gnutls_cipher_hd_t handle;
397         gnutls_datum_t key, iv;
398         int ivlen, keylen, digestlen, blocklen, ret, i;
399         gsize len;
400         unsigned char hashbuf[BUFSIZE], *buf;
401 #ifdef G_OS_UNIX
402         int rnd;
403 #endif
404
405         g_return_val_if_fail(password != NULL, NULL);
406         g_return_val_if_fail(decryption_password != NULL, NULL);
407
408         tokens = g_strsplit_set(password, "{}", 3);
409
410         /* Parse the string, retrieving algorithm and encrypted data.
411          * We expect "{algorithm}base64encodedciphertext". */
412         if (strlen(tokens[0]) != 0 ||
413                         (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
414                         strlen(tokens[2]) == 0)
415                 return NULL;
416
417         /* Our hash algo needs to have digest length twice as long as our
418          * cipher algo's key length. */
419         if (algo == GNUTLS_CIPHER_AES_256_CBC) {
420                 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
421                 digest = GNUTLS_DIG_SHA512;
422         } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
423                 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
424                 digest = GNUTLS_DIG_SHA256;
425         }
426         if (digest == GNUTLS_DIG_UNKNOWN) {
427                 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
428                 g_strfreev(tokens);
429                 return NULL;
430         }
431
432         ivlen = gnutls_cipher_get_iv_size(algo);
433         keylen = gnutls_cipher_get_key_size(algo);
434         blocklen = gnutls_cipher_get_block_size(algo);
435         digestlen = gnutls_hash_get_len(digest);
436
437         /* Prepare key for cipher - first half of hash of passkey XORed with
438          * the second. AES-256 has key length 32 and length of SHA-512 hash
439          * is exactly twice that, 64. */
440         memset(&hashbuf, 0, BUFSIZE);
441         if ((ret = gnutls_hash_fast(digest, decryption_password,
442                                         strlen(decryption_password), &hashbuf)) < 0) {
443                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
444                 g_strfreev(tokens);
445                 return NULL;
446         }
447         for (i = 0; i < digestlen/2; i++) {
448                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
449         }
450
451         key.data = malloc(keylen);
452         memcpy(key.data, &hashbuf, keylen);
453         key.size = keylen;
454
455 #ifdef G_OS_UNIX
456         /* Prepare our source of random data. */
457         rnd = open("/dev/urandom", O_RDONLY);
458         if (rnd == -1) {
459                 perror("fopen on /dev/urandom");
460                 g_free(key.data);
461                 g_free(iv.data);
462                 g_strfreev(tokens);
463                 return NULL;
464         }
465 #endif
466
467         /* Prepare random IV for cipher */
468         iv.data = malloc(ivlen);
469         iv.size = ivlen;
470 #ifdef G_OS_UNIX
471         ret = read(rnd, iv.data, ivlen);
472         if (ret != ivlen) {
473                 perror("read into iv");
474                 g_free(key.data);
475                 g_free(iv.data);
476                 g_strfreev(tokens);
477                 close(rnd);
478                 return NULL;
479         }
480
481         /* We don't need any more random data. */
482         close(rnd);
483 #endif
484
485         /* Prepare encrypted password string for decryption. */
486         tmp = g_base64_decode(tokens[2], &len);
487         g_strfreev(tokens);
488
489         /* Initialize the decryption */
490         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
491         if (ret < 0) {
492                 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
493                 g_free(key.data);
494                 g_free(iv.data);
495                 return NULL;
496         }
497
498         buf = malloc(BUFSIZE + blocklen);
499         memset(buf, 0, BUFSIZE + blocklen);
500         ret = gnutls_cipher_decrypt2(handle, tmp, len,
501                         buf, BUFSIZE + blocklen);
502         if (ret < 0) {
503                 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
504                 g_free(key.data);
505                 g_free(iv.data);
506                 g_free(buf);
507                 gnutls_cipher_deinit(handle);
508                 return NULL;
509         }
510
511         /* Cleanup */
512         gnutls_cipher_deinit(handle);
513         g_free(key.data);
514         g_free(iv.data);
515
516         tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
517         g_free(buf);
518         return tmp;
519 }
520
521 #undef BUFSIZE
522
523 #endif
524
525 gchar *password_encrypt(const gchar *password,
526                 const gchar *encryption_password)
527 {
528         if (password == NULL || strlen(password) == 0) {
529                 return NULL;
530         }
531
532 #ifndef PASSWORD_CRYPTO_OLD
533         if (encryption_password == NULL)
534                 encryption_password = master_password();
535
536         return password_encrypt_real(password, encryption_password);
537 #endif
538
539         return password_encrypt_old(password);
540 }
541
542 gchar *password_decrypt(const gchar *password,
543                 const gchar *decryption_password)
544 {
545         if (password == NULL || strlen(password) == 0) {
546                 return NULL;
547         }
548
549         /* First, check if the password was possibly decrypted using old,
550          * obsolete method */
551         if (*password == '!') {
552                 debug_print("Trying to decrypt password using the old method...\n");
553                 return password_decrypt_old(password);
554         }
555
556         /* Try available crypto backend */
557 #ifndef PASSWORD_CRYPTO_OLD
558         if (decryption_password == NULL)
559                 decryption_password = master_password();
560
561         if (*password == '{') {
562                 debug_print("Trying to decrypt password...\n");
563                 return password_decrypt_real(password, decryption_password);
564         }
565 #endif
566
567         /* Fallback, in case the configuration is really old and
568          * stored password in plaintext */
569         debug_print("Assuming password was stored plaintext, returning it unchanged\n");
570         return g_strdup(password);
571 }